ISC2 ISSEP Exam - Topic 5 Question 28 Discussion

The Statistical process control (SPC) is the application of statistical methods to the monitoring and

control of a process to ensure that it

operates at its full potential to produce conforming product. Under SPC, a process behaves

predictably to produce as much conforming product

as possible with the least possible waste.

While SPC has been applied most frequently to controlling manufacturing lines, it applies equally

well to any process with a measurable

output. Key tools in SPC are control charts, a focus on continuous improvement and designed

experiments. With its emphasis on early

detection and prevention of problems, SPC has a distinct advantage over other quality methods,

such as inspection, that apply resources to

detecting and correcting problems after they have occurred.

Answer option A is incorrect. Information Assurance (IA) describes the measures that protect and

support information and information

systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation.

These measures include providing for

restoration of information systems by incorporating protection, detection, and reaction capabilities.

Answer option D is incorrect. The IMM is the source document describing the customer's needs

based on identifying users, processes, and

information.

Answer option C is incorrect. The Information Protection Policy (IPP) is defined as a source

document, which is most useful for the ISSE when

classifying the needed security functionality. The IPP document consists of the threats to the

information management and the security

services and controls needed to respond to those threats.