Certified Information Systems Security Professional (CISSP) — Question 58
During testing, where are the requirements to inform parent organizations, law enforcement, and a computer incident response team documented?
Answer options
- A. Security Assessment Report (SAR)
- B. Security assessment plan
- C. Unit test results
- D. System integration plan
Correct answer: B
Explanation
The correct answer is B: the security assessment plan outlines the procedures and requirements for security-related testing, including notification protocols. The other options either do not specifically address notification requirements or pertain to different aspects of security assessments.