ISC2 ISSEP Exam - Topic 4 Question 10 Discussion

Information Assurance (IA) describes the measures that protect and support information and

information systems by ensuring their

availability, integrity, authentication, confidentiality, and non-repudiation. These measures include

providing for restoration of information

systems by incorporating protection, detection, and reaction capabilities.

Answer option C is incorrect. The Information systems security (InfoSec) is described as the security

of an information system against

unauthorized access to or modification of information, whether in storage, processing, or transit,

and against the denial of service to the

authorized users or the provision of service to the unauthorized users, together with those measures

necessary to detect, document and

counter such threats.

Answer option A is incorrect. The Information Systems Security Engineering (ISSE) process is a

combination of information assurance with SE.

It provides incorporated processes and solutions throughout all phases of a system's life cycle in

order to gather the requirements of system's

information assurance. The main emphasis of ISSE is to identify the information protection needs

first and then to use a process-oriented

approach to identify the security risks and subsequently to minimize or contain those risks.

Answer option B is incorrect. The Information Protection Policy (IPP) is defined as a source

document, which is most useful for the ISSE when

classifying the needed security functionality. The IPP document consists of the threats to the

information management and the security

services and controls needed to respond to those threats.