CISSP · Question #133
An organization publishes and periodically updates its employee policies in a file on their intranet. Which of the following is a PRIMARY security concern?
The correct answer is C. Integrity. When an organization publishes policy documents that are periodically updated, ensuring the content has not been tampered with or accidentally altered is the primary concern, which maps to the integrity pillar of the CIA triad.
Question
Options
- AAvailability
- BConfidentiality
- CIntegrity
- DOwnership
How the community answered
(67 responses)- A6% (4)
- B12% (8)
- C79% (53)
- D3% (2)
Why each option
When an organization publishes policy documents that are periodically updated, ensuring the content has not been tampered with or accidentally altered is the primary concern, which maps to the integrity pillar of the CIA triad.
Availability concerns whether the resource is accessible when needed; while important, it is not the primary concern for an intranet policy file that is simply published and updated periodically.
Confidentiality protects sensitive information from unauthorized disclosure, but employee policies are intentionally made accessible to all employees on the intranet, so restricting access is not the primary concern.
Integrity ensures that data remains accurate, consistent, and unaltered by unauthorized parties. For a policy document that is periodically updated and relied upon by employees, the primary risk is that the file could be maliciously or accidentally modified to contain incorrect or misleading policies. Controls such as hashing, digital signatures, and access controls protect the integrity of such documents.
Ownership is not a formal pillar of the CIA triad and does not represent a primary security concern in this context; it is a governance/administrative concept rather than a core information security objective.
Concept tested: CIA triad - integrity of published documents
Source: https://www.nist.gov/publications/guide-conducting-risk-assessments
Topics
Community Discussion
No community discussion yet for this question.