CISSP-ISSMP · Question #202
Which of the following are known as the three laws of OPSEC? Each correct answer represents a part of the solution. Choose three.
The correct answer is A. If you don't know the threat, how do you know what to protect? B. If you don't know what to protect, how do you know you are protecting it? C. If you are not protecting it (the critical and sensitive information), the adversary wins!. The three laws of OPSEC (Operations Security) form a foundational framework for protecting sensitive information: (A) 'If you don't know the threat, how do you know what to protect?' - you must identify adversaries and their capabilities first; (B) 'If you don't know what to prot
Question
Which of the following are known as the three laws of OPSEC? Each correct answer represents a part of the solution. Choose three.
Options
- AIf you don't know the threat, how do you know what to protect?
- BIf you don't know what to protect, how do you know you are protecting it?
- CIf you are not protecting it (the critical and sensitive information), the adversary wins!
- DIf you don't know about your security resources you cannot protect your network.
How the community answered
(26 responses)- A88% (23)
- D12% (3)
Explanation
The three laws of OPSEC (Operations Security) form a foundational framework for protecting sensitive information: (A) 'If you don't know the threat, how do you know what to protect?' - you must identify adversaries and their capabilities first; (B) 'If you don't know what to protect, how do you know you are protecting it?' - critical information must be identified before it can be safeguarded; (C) 'If you are not protecting it, the adversary wins!' - failure to actively protect critical information results in compromise. Option D is not one of the three official laws; it describes a resource-awareness concept but is not part of the canonical OPSEC three-law framework.
Topics
Community Discussion
No community discussion yet for this question.