Certified Information Systems Security Professional (CISSP) — Question 271
Which of the following goals represents a modern shift in risk management according to National Institute of Standards and Technology (NIST)?
Answer options
- A. Provide an improved mission accomplishment approach.
- B. Focus on operating environments that are changing, evolving, and full of emerging threats.
- C. Enable management to make well-informed risk-based decisions justifying security expenditure.
- D. Secure information technology (IT) systems that store, process, or transmit organizational information.
Correct answer: B
Explanation
The correct answer, B, highlights the need to adapt to rapidly changing environments and emerging threats, which is crucial in today’s risk management strategies. Options A, C, and D, while important, do not emphasize the necessity to respond to the evolving nature of risks as directly as option B does.