nerdexam
(ISC)2

CISSP · Question #133

An organization publishes and periodically updates its employee policies in a file on their intranet. Which of the following is a PRIMARY security concern?

The correct answer is C. Integrity. When an organization publishes policy documents that are periodically updated, ensuring the content has not been tampered with or accidentally altered is the primary concern, which maps to the integrity pillar of the CIA triad.

Submitted by anna_se· Mar 5, 2026Asset Security

Question

An organization publishes and periodically updates its employee policies in a file on their intranet. Which of the following is a PRIMARY security concern?

Options

  • AAvailability
  • BConfidentiality
  • CIntegrity
  • DOwnership

How the community answered

(67 responses)
  • A
    6% (4)
  • B
    12% (8)
  • C
    79% (53)
  • D
    3% (2)

Why each option

When an organization publishes policy documents that are periodically updated, ensuring the content has not been tampered with or accidentally altered is the primary concern, which maps to the integrity pillar of the CIA triad.

AAvailability

Availability concerns whether the resource is accessible when needed; while important, it is not the primary concern for an intranet policy file that is simply published and updated periodically.

BConfidentiality

Confidentiality protects sensitive information from unauthorized disclosure, but employee policies are intentionally made accessible to all employees on the intranet, so restricting access is not the primary concern.

CIntegrityCorrect

Integrity ensures that data remains accurate, consistent, and unaltered by unauthorized parties. For a policy document that is periodically updated and relied upon by employees, the primary risk is that the file could be maliciously or accidentally modified to contain incorrect or misleading policies. Controls such as hashing, digital signatures, and access controls protect the integrity of such documents.

DOwnership

Ownership is not a formal pillar of the CIA triad and does not represent a primary security concern in this context; it is a governance/administrative concept rather than a core information security objective.

Concept tested: CIA triad - integrity of published documents

Source: https://www.nist.gov/publications/guide-conducting-risk-assessments

Topics

#data integrity#policy management#intranet security

Community Discussion

No community discussion yet for this question.

Full CISSP Practice