312-50V10 · Question #53
Security Policy is a definition of what it means to be secure for a system, organization or other entity. For Information Technologies, there are sub-policies like Computer Security Policy, Informatio
The correct answer is C. Confidentiality, Integrity, Availability. The CIA triad - Confidentiality, Integrity, and Availability - is the foundational framework that serves as the main theme underlying all IT security sub-policies.
Question
Security Policy is a definition of what it means to be secure for a system, organization or other entity. For Information Technologies, there are sub-policies like Computer Security Policy, Information Protection Policy, Information Security Policy, network Security Policy, Physical Security Policy, Remote Access Policy, and User Account Policy. What is the main theme of the sub-policies for Information Technologies?
Options
- AAvailability, Non-repudiation, Confidentiality
- BAuthenticity, Integrity, Non-repudiation
- CConfidentiality, Integrity, Availability
- DAuthenticity, Confidentiality, Integrity
How the community answered
(67 responses)- A1% (1)
- B3% (2)
- C88% (59)
- D7% (5)
Why each option
The CIA triad - Confidentiality, Integrity, and Availability - is the foundational framework that serves as the main theme underlying all IT security sub-policies.
Non-repudiation is a valid security concept but is not part of the CIA triad; replacing Integrity with Non-repudiation produces an incorrect combination that does not represent the standard IT security framework.
Authenticity and Non-repudiation are important but supplementary security properties, and this combination omits Availability, which is one of the three core pillars of the CIA triad.
The CIA triad is the universally accepted cornerstone of information security on which all IT sub-policies are built. Confidentiality ensures data is accessible only to authorized parties, Integrity ensures data remains accurate and unaltered, and Availability ensures systems and data are accessible when needed. Every IT security sub-policy listed in the question (e.g., User Account Policy, Remote Access Policy) maps directly to protecting one or more of these three properties.
Authenticity is not one of the three primary pillars of the CIA triad; Availability is the missing component needed to correctly complete the foundational framework.
Concept tested: CIA triad as foundation of IT security policy
Source: https://www.nist.gov/publications/introduction-information-security
Topics
Community Discussion
No community discussion yet for this question.