nerdexam
(ISC)2

CISSP-ISSEP · Question #14

Which of the following documents contains the threats to the information management, and the security services and controls required to counter those threats?

The correct answer is B. Information Protection Policy (IPP). Option B is correct because the Information Protection Policy (IPP) is specifically designed to document the threat environment facing an organization's information assets alongside the security services and controls required to mitigate those threats - making it the primary refe

Governance and Training

Question

Which of the following documents contains the threats to the information management, and the security services and controls required to counter those threats?

Options

  • ASystem Security Context
  • BInformation Protection Policy (IPP)
  • CCONOPS
  • DIMM

How the community answered

(44 responses)
  • A
    2% (1)
  • B
    95% (42)
  • C
    2% (1)

Explanation

Option B is correct because the Information Protection Policy (IPP) is specifically designed to document the threat environment facing an organization's information assets alongside the security services and controls required to mitigate those threats - making it the primary reference for both risk identification and the protective response.

Why the distractors are wrong:

  • A (System Security Context): Describes the operational environment and boundaries of a system (who uses it, how it connects), but does not catalogue threats or prescribe controls.
  • C (CONOPS - Concept of Operations): Focuses on how a system will be used operationally, not on security threats or protective controls.
  • D (IMM - Information Management Manual): Governs how information is handled, stored, and managed organizationally, rather than identifying threats or security countermeasures.

Memory tip: Think of the IPP as a "threat-and-cure" document - it names the threats and prescribes the protection. The word Protection in the name is your clue that this is the document where both problems (threats) and solutions (controls) live together.

Topics

#Information Protection Policy#Security Documentation#Threats#Security Controls

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSEP Practice