Baseline controls are applied for a group of IT systems. Since the question is asking about the most comprehensive controls, I would go for C, since a risk assessment specifically addresses a systems risk.
A - Baseline controls represent the foundational security requirements that an organization establishes for its systems. These controls cover essential security aspects and serve as a starting point for securing the system. They include fundamental practices such as access controls, encryption, patch management, and configuration standards. C, is however, they focus on identifying and prioritizing risks rather than specifying detailed security requirements.
I would go with A stating baseline requirements for a newly developed information system as they don't require to be part of the system however analysis from the risk assessment results would be involved in the selection of baseline controls.
If risks are accepted without any need for additional controls, then the risk assessment itself doesn't result in new requirements.
Baseline controls are a set of standard security requirements that apply to all systems within an organization to provide a minimum level of security.
The most comprehensive set of security requirements for a newly developed information system would be defined by C. Risk assessment results. Risk assessment is a systematic process of identifying, analyzing, and evaluating potential risks to determine the effectiveness of existing security controls and identify any additional security requirements that may be necessary. By analyzing the results of a risk assessment, one can determine the specific security measures and controls needed to protect the information system effectively.
Baseline controls represent the most comprehensive set of security requirements for a newly developed information system. These controls provide a foundation of security measures that should be implemented regardless of the specific risks or vulnerabilities of the system. They cover a wide range of security aspects, including access control, data protection, network security, and application security.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Josef4CISM
1 month, 1 week agoBooict
7 months, 1 week ago1899f17
9 months, 1 week agoyottabyte
11 months, 2 weeks ago3czz
1 year agoFantasyDream
1 year agoxcjxcj
11 months, 3 weeks agoPOWNED
1 year agoPOWNED
1 year agokoala_lay
1 year, 2 months agoUncle_Lucifer
1 year, 2 months agoSoleandheel
1 year, 3 months agoCyberbug2021
1 year, 3 months agorichck102
1 year, 3 months ago