CISSP-ISSEP · Question #61
Which of the following is NOT used in the practice of Information Assurance (IA) to define assurance requirements?
The correct answer is C. Communications Management Plan. Communications Management Plan belongs to project management (PMBOK), not Information Assurance - it governs how project information is distributed among stakeholders, making it the clear outlier here. The three distractors are all legitimate IA frameworks: the Classic informatio
Question
Which of the following is NOT used in the practice of Information Assurance (IA) to define assurance requirements?
Options
- AClassic information security model
- BFive Pillars model
- CCommunications Management Plan
- DParkerian Hexad
How the community answered
(29 responses)- A7% (2)
- C90% (26)
- D3% (1)
Explanation
Communications Management Plan belongs to project management (PMBOK), not Information Assurance - it governs how project information is distributed among stakeholders, making it the clear outlier here.
The three distractors are all legitimate IA frameworks: the Classic information security model (the CIA Triad: Confidentiality, Integrity, Availability) is the foundational IA model taught universally; the Five Pillars model extends CIA by adding Authentication and Non-repudiation as explicit requirements; and the Parkerian Hexad further expands the CIA Triad with Possession, Authenticity, and Utility, giving six properties for defining assurance needs.
Memory tip: If you see a term borrowed from project management (Plans, Charters, Registers), it almost certainly does not belong in a list of IA assurance frameworks - IA frameworks use properties or "pillars," not planning documents.
Topics
Community Discussion
No community discussion yet for this question.