Certified Information Systems Security Professional (CISSP) — Question 373
The initial security categorization should be done early in the system life cycle and should be reviewed periodically. Why is it important for this to be done correctly?
Answer options
- A. It determines the functional and operational requirements.
- B. It determines the security requirements.
- C. It affects other steps in the certification and accreditation process.
- D. The system engineering process works with selected security controls.
Correct answer: B
Explanation
The correct answer is B because an accurate security categorization directly identifies the security requirements that need to be addressed. Options A, C, and D relate to implications of categorization, but none of them addresses the primary need to establish security requirements, which is critical to the overall security posture.