Question

Howard is leading a project to commission a new information system that will be used by a federal government agency. He is working with senior officials to document and accept the risk of operation prior to allowing use.
What step of the risk management framework is Howard completing?

a. Implement security controls in IT systems.
b. Assess security controls for effectiveness.
c. Authorize the IT system for processing.
d. Continuously monitor security controls.

Answer 1

Answer:

The correct answer is A.

Explanation:

Given the example in the question, Howard is at the step of implementing security controls.

There are five official steps for the risk management framework.

1. Categorizing The Information System: In this step, the IT system's objectives are assigned based on the current mission or project.
2. Selecting Security Controls: After the risk assesment is done, the security controls for technical, hardware and software problems are decided according to the outcome.
3. Implementing Security Controls: In this step, the points that were decided in the step before are put into action.
4. Authorizing The Information System: Authorization for the risk management is approved and monitored.
5. Monitoring Security Controls: The authorities keep monitoring the process and makes any necessary changes and updates.

The process that is explained in the question is step 3, which is given in option A.

I hope this answer helps.