Which choice below is the BEST description of operational assurance?

A.
Operational assurance has the benefit of containing and repairing damage from incidents.

B.
Operational assurance is the process of performing pre-employment background screening.

C.
Operational assurance is the process of examining audit logs to reveal usage that identifies
misuse.

D.
Operational assurance is the process of reviewing an operational system to see that security
controls are functioning correctly.

Explanation:
Operational assurance is the process of reviewing an operational system to see that security
controls, both automated and manual, are functioning correctly and effectively. Operational
assurance addresses whether the systems technical features are being bypassed or have
vulnerabilities and whether required procedures are being followed. To maintain operational
assurance, organizations use two basic methods: system audits and monitoring. Asystem audit is a
one-time or periodic event to evaluate security. Monitoring refers to an ongoing activity that
examines either the system or the users. *Answer “Operational assurance is the process of
examining audit logs to reveal usage that identifies misuse” is a description of an audit trail review.
Answer “Operational assurance has the benefit of containing and repairing damage from incidents”
is a description of a benefit of incident handling. The main benefits of proper incident handling are
containing and repairing damage from incidents, and preventing future damagE. *Answer
“Operational assurance is the process of performing pre-employment background screening”
describes a personnel control. Source: National Institute of Standards and Technology, An
Introduction to Computer Security: The NIST Handbook Special Publication 800-12.