An organization publishes and periodically updates its employee policies in a file on their intranet. Which of the following is a PRIMARY security concern?
A. Ownership
B. Confidentiality
C. Availability
D. Integrity
|
Download Printable PDF. VALID exam to help you PASS. |
 |
D. Integrity is correct. The question is about having only the latest copy of a policy in circulation and old copies should be shredded/overwritten etc. Lots of users would have downloaded different versions of the file from the intranet.
Actually, all 3 parts of the CIA triad are valid here. There’s just one that’s suitable to be a PRIMARY security concern above the others. The key info in this question is “organization publishes and periodically updates,” “employee policies,” and “Intranet.” We can rule out Confidentiality because it’s not a concern here. If it was PHI or PII data then yes, it would be the primary concern here. I don’t think Integrity is primary concern here either because, again it’s an employee policy. How many hackers would focus on modifying a useless policy that doesn’t provide them productive data such as usernames and passwords or system hostnames? No, I think that C – Availability is the correct answer to this specific situation because if the files are unavailable, either due to DoS or DDoS, buffer overflows, or smurf attacks (all security attacks), the organization wouldn’t be able to periodically update the employee policies.
I think C is correct.
Employee policies should be in a place that everyone can read quickly and easily.
Not all employees can see files on the intranet. All employees include people who are not IT employees.
Few employees follow a Employee policy that is not immediately readable.
As reference, the Employee Policy Handbook includes the following items.(These are security related.)
・Employees are not allowed on Company property after hours without proper authorization.
・Employees given the responsibility to close the business at the end of the day assume responsibility for locking doors, arming alarm systems, and performing any additional building care, such as turning off lights or setting thermostats.
・Employees issued work keys are responsible for them.
Maybe they are concerned with security, hens why they publishing employee policies on their intranet rather than on internet.
You may be right. D is a security concern. If the word “security” would not have been present then C, Availability, would have been the correct answer.
Availability is also part of the security concern
I disagree with this. I would choose “D – Integrity” because the intranet may not have tight controls and the document could be edited by an unauthorized person.
Choosing “C – Availability” as the answer is assuming that their intranet is not on systems that are highly available, but the questions doesn’t hint about that.
I am with you on D. With that many editions coming out, we also want to guarantee that the proper editions are available.