CIA is all about Data and access to it. I don't have a good reason for C, however I would go C by elimination of the others, B doesn't have the word data in the answer, CIA is not an vulnerability assessment, and CIA isn't a tool.
CISSP Official Study Guide (page 4-5)
The CIA triad is a security concept and is perceived as the primary goal and objective of a security infrastructure. It defines the basic parameters needed for a secure environment. Security controls are evaluated on how well they address these three core information security tenets.
I vote A just because.. the CIA triad is a conceptual framework for understanding information security objectives, rather than a specific methodology or tool.
A vulnerability assessment is a process to identify weaknesses in an organization's systems and networks.
The C-I-A triad is a framework to help us understand how to proceed, for example when securing data. It is therefore irrelevant whether the word ‘tool’ is to be understood here as software, it is rather to be understood as an assistant.
Haha soooo many people on here have zero understanding of the word "tool" A tool is ANYTHING that would assist you with the implementation. This could be training, google, a manual, a model, a concept, a standard, CISSP certification, the list goes on.
Hillarious how many think the CIA triad, an intangible construct that is only in our heads, is somehow an implementation of security controls
Option C could be interpreted as implying that the confidentiality, integrity, and availability (CIA) triad refers to the implementation of security systems to protect an organization's data. While security systems are indeed employed to uphold these principles, the CIA triad itself is not a specific implementation or system but rather a foundational concept guiding security strategies.
The CIA triad outlines three primary objectives essential to information security—ensuring data confidentiality, maintaining data integrity, and guaranteeing data availability. It's a principle or guideline used to shape the design, selection, and implementation of security measures and systems within an organization to protect its data and resources. Therefore, while security systems are implemented to align with the CIA triad, the triad itself represents the overarching principles rather than the specific tools or systems used for protection.
Among the given options, C best describes the CIA triad from a CISSP perspective as it highlights the implementation of security systems to safeguard and protect an organization's data.
The wording is not appropriate enough... I mean, D would be more accurate.
CIA triad does not implement, it is a concept (moreless a immaterial tool to help CISOs).
This is another language comprehension test.
I interpreted "tool" as a metaphor for "something that helps", which could also apply to frameworks, models, etc.
But obviously I was wrong. :-(
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
stickerbush1970
Highly Voted 2 years, 5 months agojackdryan
1 year, 9 months agoinmymind84
Highly Voted 2 years, 5 months agomaawar83
1 year, 1 month agoeboehm
10 months, 2 weeks agoangellorv
Most Recent 1 month, 4 weeks agoRRabbit_111
2 months, 3 weeks agoKJ44
3 months, 3 weeks agodeeden
6 months, 2 weeks ago1460168
6 months, 3 weeks ago50e940e
7 months, 4 weeks agoCCNPWILL
9 months agoeboehm
10 months, 2 weeks agogjimenezf
1 year, 1 month agoSpaceMonkey1
1 year, 3 months ago74gjd_37
1 year, 5 months agoNicola_2_Reg
1 year, 5 months agogeorgegeorge125487
1 year, 6 months agodmo_d
1 year, 9 months agoSaintDaSinner
2 years ago