According to FISMA, which of the following is the security objective primarily impacted by the unauthorized destruction of information?
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is B. Integrity.
There has been a debate on “the destruction of information itself” versus “the disruption of access to or use of information or an information system.” However, FISMA and FIPS 199 explicitly and precisely distinguish the two.
The following slide is an excerpt about security objectives from FIPS 199, which aligns with FISMA:
The following is an excerpt about integrity from FISMA:
“Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity…” [44 U.S.C., Sec. 3542]
- AVAILABILITY is about “Ensuring timely and reliable access to and use of information…” [44 U.S.C., SEC. 3542]
- FIPS 199 reads “A loss of availability is the disruption of access to or use of information or an information system.”
Data Sanitization Methods
“Destroy” is a data sanitization method introduced in NIST SP 800-88 R1, while “destruction” is a technique (e.g., destructive techniques) that can “destroy” the media. Destructive techniques typically can “destroy” the media, but they don’t guarantee that the media is completely destroyed.
Destroy, destruction, and disruption may have similar meanings, but they may refer to different things in various contexts.