CISSP · Question #1318
An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?
The correct answer is C. People, technology, and operations. Defense in depth is a security strategy that recognizes information security cannot be achieved through technology alone, but requires a balanced focus on people, technology, and operations working together.
Question
Options
- ADevelopment, testing, and deployment
- BPrevention, detection, and remediation
- CPeople, technology, and operations
- DCertification, accreditation, and monitoring
How the community answered
(52 responses)- A4% (2)
- B2% (1)
- C92% (48)
- D2% (1)
Why each option
Defense in depth is a security strategy that recognizes information security cannot be achieved through technology alone, but requires a balanced focus on people, technology, and operations working together.
Development, testing, and deployment describe phases of a software development lifecycle (SDLC), not the foundational elements of an information security philosophy like defense in depth.
Prevention, detection, and remediation describe phases of an incident response or threat management cycle, which is a subset of security operations rather than the overarching pillars of defense in depth.
Defense in depth as defined by frameworks like NIST and ISC2 explicitly identifies people, technology, and operations as the three primary pillars of a comprehensive security posture. People encompasses training and awareness, technology covers tools and controls, and operations refers to the processes and procedures that tie them together - no single element is sufficient without the others.
Certification, accreditation, and monitoring relate to the risk management and authorization processes used in government frameworks such as NIST RMF, not the primary balanced elements of defense in depth.
Concept tested: Defense in depth primary pillars: people, technology, operations
Source: https://www.nist.gov/system/files/documents/2017/06/05/040-056_chapter3.pdf
Topics
Community Discussion
No community discussion yet for this question.