contestada

George is the risk manager for a U.S. federal government agency. He is conducting a risk assessment for that agency's IT risk. What methodology is best suited for George's use?
A. Risk Management Guide for Information Technology Systems (NIST SP800-30).
B. CCTA Risk Analysis and Management Method (CRAMM).
C. Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE).
D. ISO/IEC 27005, "Information Security Risk Management".

Respuesta :

Answer:

The methodology for suited for George's use is A. Risk Management Guide for Information Technology Systems (NIST SP800-30)

Explanation:

The Risk Management Guide for Information Technology Systems (NIST SP 800-30) was set in place to conduct risk analysis on federal organizations and their information systems in the U.S.

The other options do not apply to U.S federal government agencies. Hence, George is best suited to use the Risk Management Guide for Information Technology Systems (NIST SP 800-30)

Otras preguntas