CISSP Exam - Question 372

C is correct according to NIST SP 800-39

Going for B. An update to NIST’s Cybersecurity Framework coming soon: https://www.nextgov.com/cybersecurity/2021/12/nist-outlines-request-information-toward-new-cybersecurity-framework/187427/

think as a manager

There is nothing "modern" in option "C" as that has always been the case. Option "B" addresses more modern risk challenges especially with BYOD and the cloud.

Agree with B due to "shift" at NIST . If not for that would select C

Goals. Not task.

Modern shift = emerging threats. Is nothing new about expenditure. Asking for funds especially for security has always been a problem for companies, is nothing new there until they get hit.

A: According to the National Institute of Standards and Technology (NIST) and modern risk management practices, there is a shift towards a greater focus on operating environments that are changing, evolving, and full of emerging threats. This shift recognizes the dynamic and ever-evolving nature of cybersecurity threats and the need for organizations to adapt to these changes continuously. Option A reflects the idea of embracing a proactive and adaptive approach to risk management, which aligns with modern cybersecurity principles. While the other options (B, C, and D) are important aspects of risk management and security practices, they do not specifically represent the modern shift towards addressing evolving threats and operating environments:

Answer B) https://fedscoop.com/nist-health-cyber-guidance-revision-2/#:~:text=Revision%202%20shifts%20focus%20to%20risk%20management%20of%20environmental%20threats