CISSP – Information Systems Security Management Professional (ISSMP) — Question 13

Which of the following statements is related with the second law of OPSEC?

Answer options

• A. If you are not protecting it (the critical and sensitive information), the adversary wins!
• B. If you don't know what to protect, how do you know you are protecting it?
• C. If you don't know about your security resources you could not protect your network.
• D. If you don't know the threat, how do you know what to protect?

Correct answer: B

Explanation

The correct answer, B, emphasizes the importance of identifying what needs protection to effectively safeguard it. Options A, C, and D, while related to security, do not specifically address the necessity of knowing what to protect, which is the focus of the second law of OPSEC.