Question

The set of minimum security controls defined for a low-impact, moderate-impact, or high-impact information system.

A) Low, moderate, and high-impact systems have the same set of security controls.
B) Security controls vary significantly based on the impact level of the information system.
C) Low-impact systems have the most security controls, while high-impact systems have the least.
D) Moderate-impact systems have the most security controls, while low-impact systems have the least.

Answer 1

Security controls vary significantly based on the impact level of the information system.

Step-by-step explanation:

The correct answer is B) Security controls vary significantly based on the impact level of the information system.

Low-impact, moderate-impact, and high-impact information systems have different sets of security controls. The level of impact of an information system refers to the potential harm that could result from a loss of confidentiality, integrity, or availability of the system. Therefore, the security controls required for each level of impact are tailored to address the specific risks and vulnerabilities associated with that level.

For example, a low-impact system may only require basic security controls such as password protection and regular backups. On the other hand, a high-impact system may require more robust controls such as multi-factor authentication, encryption, and intrusion detection systems.