Certified Information Systems Security Professional (CISSP) — Question 41

What is the MOST important goal of conducting security assessments?

Answer options

• A. To align the security program with organizational risk appetite
• B. To demonstrate proper function of security controls and processes to senior management
• C. To prepare the organization for an external audit, particularly by a regulatory entity
• D. To discover unmitigated security vulnerabilities, and propose paths for mitigating them

Correct answer: D

Explanation

The primary aim of security assessments is to identify unmitigated vulnerabilities and recommend solutions to address them, which is why option D is correct. While aligning with risk appetite, demonstrating control effectiveness, and preparing for audits are important, they are secondary to the fundamental goal of enhancing security by addressing vulnerabilities.