Certified Governance Risk and Compliance (CGRC) Practice Exam 2026 - Free CGRC Practice Questions and Study Guide

The Clinger-Cohen Act promotes a risk-based policy for cost-effective security by emphasizing the need for federal agencies to improve the management of information technology. This act specifically requires that agencies assess their IT investments based on their effectiveness and risk, ensuring that resources are allocated in a manner that addresses the most critical security needs while being cost-effective. The focus is on achieving the best balance between risk management and expenditure, thus ensuring that security measures align with the actual risks faced by the agency.

In contrast, the other acts mentioned, while they may have implications for technology and governance, do not specifically advocate for a risk-based approach to security in the same way the Clinger-Cohen Act does. The Lanham Act primarily deals with trademark registration and protection, the Computer Misuse Act focuses on offenses related to unauthorized access to computer systems, and the Paperwork Reduction Act (PRA) aims to reduce the burden of paperwork on the public, which is not directly related to establishing a risk-based security framework.