(ISC)2

CSSLP Question #128: Real Exam Question with Answer & Explanation

The correct answer is C: Certification and Accreditation (C&A).

Secure Software Deployment, Operations, Maintenance

Question

Which of the following refers to a process that is used for implementing information security?

Options

  • A. Classic information security model
  • B. Five Pillars model
  • C. Certification and Accreditation (C&A)
  • D. Information Assurance (IA)

Explanation

Certification and Accreditation (C&A) is a formal process used to assess and authorize an information system's security posture. This process determines if an information system meets predefined security requirements before being put into operation.

Common mistakes.

  • A. The Classic information security model typically refers to the CIA triad (Confidentiality, Integrity, Availability), which describes security goals, not a process for implementation.
  • B. The Five Pillars model is a generic term that could refer to various frameworks (e.g., cloud security, zero trust), but it is not a universally recognized process for implementing information security.
  • D. Information Assurance (IA) is a broader concept encompassing the measures taken to protect and defend information and information systems, rather than a specific implementation process.

Concept tested. Information security implementation processes

Reference. https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-37r1.pdf

Topics

  • Certification and Accreditation (C&A)
  • Information Security Management
  • Security Compliance
  • Authorization to Operate (ATO)
