Certified Secure Software Lifecycle Professional (CSSLP) — Question 17
The organization level is Tier 1, and it addresses risks from an organizational perspective. What are the various Tier 1 activities? Each correct answer represents a complete solution. Choose all that apply.
Answer options
- A. The organization plans to use the degree and type of oversight to ensure that the risk management strategy is being effectively carried out.
- B. The level of risk tolerance.
- C. The techniques and methodologies an organization plans to employ to evaluate information system-related security risks.
- D. The RMF primarily operates at Tier 1.
Correct answer: D
Explanation
The correct answer is D because the Risk Management Framework (RMF) is designed to operate primarily at the Tier 1 level, where organizational risks are addressed. Options A, B, and C describe aspects of risk management but do not specifically relate to the Tier 1 activities as required by the question.