Which DSAC domain is primarily about setting organizational policies and risk tolerance?

Prepare for the DSAC-11 Annex B Test. Study with our quiz featuring flashcards and multiple-choice questions, each question accompanied by hints and explanations. Get ready to excel!

Multiple Choice

Which DSAC domain is primarily about setting organizational policies and risk tolerance?

Explanation:
Governance is about establishing the authority, policies, standards, and risk appetite that guide an organization’s security posture. It sets organizational policies and defines the level of risk the organization is willing to accept, providing the framework within which all other security activities operate. Risk management focuses on identifying, assessing, and mitigating risks within that framework, while access control deals with who can access which resources, and incident response covers actions taken after a security event. Because governance determines the policies and the boundaries of acceptable risk, it is the domain responsible for setting those overarching guidelines.

