Exam CISSP topic 1 question 372 discussion

C is correct according to NIST SP 800-39

Answer B) https://fedscoop.com/nist-health-cyber-guidance-revision-2/#:~:text=Revision%202%20shifts%20focus%20to%20risk%20management%20of%20environmental%20threats

A: According to the National Institute of Standards and Technology (NIST) and modern risk management practices, there is a shift towards a greater focus on operating environments that are changing, evolving, and full of emerging threats. This shift recognizes the dynamic and ever-evolving nature of cybersecurity threats and the need for organizations to adapt to these changes continuously. Option A reflects the idea of embracing a proactive and adaptive approach to risk management, which aligns with modern cybersecurity principles. While the other options (B, C, and D) are important aspects of risk management and security practices, they do not specifically represent the modern shift towards addressing evolving threats and operating environments:

Agree with B due to "shift" at NIST . If not for that would select C

Modern shift = emerging threats. Is nothing new about expenditure. Asking for funds especially for security has always been a problem for companies, is nothing new there until they get hit.

There is nothing "modern" in option "C" as that has always been the case. Option "B" addresses more modern risk challenges especially with BYOD and the cloud.

Goals. Not task.

think as a manager

Going for B. An update to NIST’s Cybersecurity Framework coming soon: https://www.nextgov.com/cybersecurity/2021/12/nist-outlines-request-information-toward-new-cybersecurity-framework/187427/