CompTIA CASP+ Practice Test

Which framework could standardize security architecture within an organization to enhance quality and consistency?

• A. Agile methodology
• B. Security Information and Event Management (SIEM)
• C. Enterprise Security Architecture (ESA)
• D. ITIL service management

The correct answer is: Enterprise Security Architecture (ESA)

The choice of Enterprise Security Architecture (ESA) as the correct answer is well justified because ESA provides a structured approach to integrate security considerations into the overall enterprise architecture. By standardizing security policies, procedures, and technologies, ESA enhances both the quality and consistency of security implementations within an organization. ESA emphasizes aligning security practices with the business objectives, ensuring that security measures complement the operational and strategic goals of the organization. This alignment leads to more effective risk management and resource allocation, as all security components are designed to work cohesively within the established framework. Additionally, ESA promotes a clear definition of roles and responsibilities concerning security, thereby establishing accountability and facilitating easier compliance with regulatory requirements. Its structured methodology enables organizations to assess their security posture comprehensively, identify gaps, and implement necessary controls consistently across different departments. In contrast, Agile methodology generally focuses on flexible project management and software development rather than security architecture standardization. Security Information and Event Management (SIEM) is primarily a tool for monitoring and responding to security incidents rather than a framework for standardizing security architecture. ITIL service management, while beneficial for improving IT service delivery, does not specifically address security architecture normalization.