The Open Web Application Security Project's (OWASP) Software Assurance Maturity Model (SAMM) allows organizations to implement a flexible software security strategy to measure organizational impact based on what risk management aspect?
The Open Web Application Security Project's (OWASP) Software Assurance Maturity Model (SAMM) allows organizations to implement a flexible software security strategy to measure organizational impact based on what risk management aspect?
The OWASP Software Assurance Maturity Model (SAMM) focuses on allowing organizations to implement a flexible software security strategy to measure organizational impact based on risk tolerance. Risk tolerance refers to an organization's willingness to accept a certain level of risk. SAMM helps organizations assess and enhance their software security practices while considering their specific risk tolerance and needs.
SAMM: The Open Web Application Software Project (OWASP) embeds risk response and mitigation throughout the software development cycle.
D is correct
B. I googled SAMM combined with all the options and "risk tolerance" is the only one that matched: "assurance goals are commensurate with their business goals and risk tolerance." https://owasp.org/www-pdf-archive/OpenSAMM_How_To_V1-1-Final.pdf
B. Risk tolerance The Open Web Application Security Project's (OWASP) Software Assurance Maturity Model (SAMM) allows organizations to implement a flexible software security strategy to measure organizational impact based on risk tolerance. Risk tolerance refers to an organization's willingness to accept a certain level of risk. SAMM helps organizations assess and improve their software security practices while considering their specific risk tolerance and needs.
ChatGPT and I both say Risk Treatment because OWASP SAMM is "an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization."
Incident management (Incident detection and response) is part of the 5th function of SAMM's 5 business functions.
Answer B) Risk Tolerance A software security framework must be flexible and allow organizations to tailor their choices based on their risk tolerance and the way in which they build and use software. https://owasp.org/www-pdf-archive/SAMM_Core_V1-5_FINAL.pdf
The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. SAMM helps you: -Evaluate an organization’s existing software security practices -Build a balanced software security assurance program in well-defined iterations -Demonstrate concrete improvements to a security assurance program -Define and measure security-related activities throughout an organization
The risk tolerance of an organization refers to its willingness to accept a certain level of risk. By using the SAMM framework, an organization can evaluate its current risk tolerance and identify areas where improvements can be made. This allows the organization to implement a flexible software security strategy that is aligned with its overall risk management objectives.
Typo, B,
B. Risk tolerance The Open Web Application Security Project's (OWASP) Software Assurance Maturity Model (SAMM) primarily focuses on measuring organizational impact based on "Risk Tolerance."
SAMM is more aligned with the concept of "risk treatment" rather than "risk response." Risk treatment involves the actions taken to manage, mitigate, or accept identified risks. In the context of SAMM, organizations use the model to assess their current software security practices and then implement improvements and measures to treat or mitigate identified security risks.
treatment. Risk treatment involves identifying, assessing, and prioritizing risks and then implementing measures to mitigate, transfer, avoid, or accept those risks based on the organization's risk appetite and objectives. SAMM helps organizations treat risks related to software security by providing guidance on improving their software development practices, enhancing security controls, and implementing security measures throughout the software development lifecycle. By addressing vulnerabilities and weaknesses in software development processes, SAMM helps organizations reduce the likelihood and impact of security incidents and breaches.
Changed answer. According to the ISC2 official study guide: risk management strategies Options of risk response or management. Includes acceptance/ tolerance, avoidance, assignment/transfer, reduction/mitigation, and rejecting/ignoring so the answer would be B. Risk tolerance was also in the glossary, but the terms risk treatment and risk exception (while valid terminology outside ISC2 study guide) wasn't list so it appears this question is another 'word game' question.
https://drive.google.com/file/d/1cI3Qzfrly_X89z7StLWI5p_Jfqs0-OZv/view?pli=1 'Based on the magnitude of assets, threats, and risk tolerance, develop a security strategic plan and budget to address business priorities around application security' Pg 24. No mention of the restt.
Answer is B, Risk tolerance