As your organization’s security administrator, you are reviewing the audit results to assess if your organization’s security baselines are maintained. In which phase of the security management life cycle are you engaged?
A. Plan and Organize
C. Operate and Maintain
D. Monitor and Evaluate
The correct answer is D.
You are engaged in the Monitor and Evaluate phase of the security management life cycle. This phase includes the following components:
- Review logs, audit results, metrics, and service level agreements.
- Assess accomplishments.
- Complete quarterly steering committee meetings.
- Develop improvement steps for integration into the Plan and Organize phase.

Reviewing audits is not part of any of the other phases.
CISSP Certification Prep Course