nerdexam
(ISC)2

CISSP-ISSEP · Question #73

Which of the following are the most important tasks of the Information Management Plan (IMP)? Each correct answer represents a complete solution. Choose all that apply.

The correct answer is A. Define the Information Protection Policy (IPP). C. Define the mission need. D. Identify how the organization manages its information.. An Information Management Plan (IMP) is a governance document focused on how an organization handles and protects its information assets - so options A (defining the IPP), C (defining the mission need), and D (identifying information management practices) are correct because they

Security Planning and Design

Question

Which of the following are the most important tasks of the Information Management Plan (IMP)? Each correct answer represents a complete solution. Choose all that apply.

Options

  • ADefine the Information Protection Policy (IPP).
  • BDefine the System Security Requirements.
  • CDefine the mission need.
  • DIdentify how the organization manages its information.

How the community answered

(35 responses)
  • A
    86% (30)
  • B
    14% (5)

Explanation

An Information Management Plan (IMP) is a governance document focused on how an organization handles and protects its information assets - so options A (defining the IPP), C (defining the mission need), and D (identifying information management practices) are correct because they collectively establish why information is needed, what policies protect it, and how it flows through the organization. Option B is the distractor because defining System Security Requirements is a technical security engineering activity that belongs in a System Security Plan (SSP) or similar artifact - not in an information management plan, which operates at a policy/governance level rather than a system specification level.

Memory tip: Think of the IMP as answering three governance questions - Why do we need this info? (mission need), Who controls it and how? (management practices), and What protects it? (protection policy). If a choice sounds like a technical system spec (requirements, architecture, controls), it belongs elsewhere.

Topics

#Information Management Plan (IMP)#Information Protection Policy (IPP)#Organizational Planning#Information Governance

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSEP Practice