Which of the following is NOT used in the practice of Information Assurance (IA) to define assurance requirements.
Click on the arrows to vote for the correct answer
A. B. C. D.C.
In the practice of Information Assurance (IA), assurance requirements are used to ensure that information systems are secure and protected against unauthorized access or malicious attacks. Various models and frameworks are used to define these assurance requirements.
Option C, Communications Management Plan, is not typically used in the practice of IA to define assurance requirements. A Communications Management Plan is a project management tool that outlines how communication will be managed throughout a project, including who will be responsible for communication, what channels will be used, and what information will be communicated. While communication is an important aspect of IA, it is not directly used to define assurance requirements.
Option A, the Classic Information Security Model, is a commonly used model to define assurance requirements. This model includes the following steps: (1) risk assessment, (2) risk management, (3) security control implementation, (4) security testing and evaluation, and (5) security maintenance. These steps are used to ensure that security measures are effective, up-to-date, and maintained over time.
Option B, the Five Pillars model, is another commonly used model to define assurance requirements. This model includes five pillars: (1) confidentiality, (2) integrity, (3) availability, (4) accountability, and (5) auditability. These pillars are used to ensure that information systems are secure and protected against unauthorized access or malicious attacks.
Option D, the Parkerian Hexad, is another model that is used to define assurance requirements. This model includes six elements: (1) confidentiality, (2) possession or control, (3) integrity, (4) authenticity, (5) availability, and (6) utility. These elements are used to ensure that information systems are secure and protected against a variety of threats.
In summary, the Communications Management Plan is not typically used in the practice of IA to define assurance requirements, while the Classic Information Security Model, the Five Pillars model, and the Parkerian Hexad are commonly used.