Which of the following is a formal process?

Prepare for the Network Security (NETSEC) 2 Exam. Utilize flashcards and multiple choice questions, complete with hints and detailed explanations. Excel in your security skills!

Multiple Choice

Which of the following is a formal process?

Explanation:
A formal process is a structured, documented, repeatable sequence of steps with defined owners, inputs, outputs, and approvals. This structure ensures consistency, accountability, and the ability to audit what happened.

Annual corporate planning fits this clearly. It happens on a regular schedule, relies on formal documentation (plans, budgets, risk assessments), and requires stakeholder involvement and executive sign-off. The process produces concrete outputs that guide actions for the year, with defined timelines and responsibilities.

Planning and developing individual countermeasures also embodies formality. It follows a risk-management lifecycle: identifying assets and threats, assessing risk, selecting and designing controls, planning implementation, obtaining approvals, testing, and monitoring. Each step is documented, assigned to responsible individuals, and tied to governance or change-management practices. This makes the activity repeatable, auditable, and aligned with organizational security objectives.

Because both activities follow structured, documented, and auditable procedures, they are both formal processes.
