
Explanation:
Creating a company cybersecurity policy that covers roles and responsibilities of employees does not fall under the 'protect' step of the National Institute of Standards and Technology (NIST) guidelines. This action is actually a part of the 'identify' step of the NIST framework. The 'identify' step involves understanding the business context, the resources that support critical functions, and the related cybersecurity risks. This enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs. The creation of a cybersecurity policy that outlines the roles and responsibilities of employees is a crucial part of this step as it helps to clearly define who is responsible for what in the context of cybersecurity.
Choice A is incorrect. Controlling who logs onto a company’s network is indeed part of the 'protect' step, which involves implementing safeguards to ensure the delivery of critical services and limiting access to authorized users.
Ultimate access to all questions.
Q.5119 Which of the following actions does not fall under the 'protect' step of the National Institute of Standards and Technology (NIST) guidelines?
A
Controlling who logs onto a company’s network
B
Updating security software regularly
C
Creating a company cybersecurity policy that covers roles and responsibilities of employees
D
Having formal policies for safely disposing of electronic files
No comments yet.