nerdexam
(ISC)2

CISSP-ISSEP · Question #131

Which of the following terms describes the security of an information system against unauthorized access to or modification of information, whether in storage, processing, or transit, and against the

The correct answer is D. Information systems security (InfoSec). Information systems security (InfoSec) is defined precisely as protecting information systems against unauthorized access, modification, and denial of service - making D the exact match for the definition given. Information Assurance (IA) is broader, encompassing policies, proces

Governance and Training

Question

Which of the following terms describes the security of an information system against unauthorized access to or modification of information, whether in storage, processing, or transit, and against the denial of service to authorized users or the provision of service to unauthorized users?

Options

  • AInformation Assurance (IA)
  • BInformation Systems Security Engineering (ISSE)
  • CInformation Protection Policy (IPP)
  • DInformation systems security (InfoSec)

How the community answered

(38 responses)
  • B
    3% (1)
  • C
    5% (2)
  • D
    92% (35)

Explanation

Information systems security (InfoSec) is defined precisely as protecting information systems against unauthorized access, modification, and denial of service - making D the exact match for the definition given. Information Assurance (IA) is broader, encompassing policies, processes, and confidence measures beyond just technical security, so A overshoots the definition. ISSE refers to a process for engineering security into systems during development, not a definition of the security state itself, ruling out B. Information Protection Policy (IPP) is a governance document dictating how information should be handled - not a term describing system security properties.

Memory tip: The question's definition uses the word "security" and maps precisely to InfoSec - "Sec" = security. When a definition lists storage/processing/transit plus denial-of-service, think CIA triad enforcement, which is the core of InfoSec.

Topics

#Information Security#Definitions#Foundational Concepts#CIA Triad

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSEP Practice