CISSP – Information Systems Security Management Professional (ISSMP) — Question 9

Which of the following statements is related with the first law of OPSEC?

Answer options

• A. If you are not protecting it (the critical and sensitive information), the adversary wins!
• B. If you don't know what to protect, how do you know you are protecting it?
• C. If you don't know about your security resources you could not protect your network.
• D. If you don't know the threat, how do you know what to protect?

Correct answer: D

Explanation

The correct answer, D, emphasizes the necessity of understanding threats to identify what needs protection. Options A, B, and C, while relevant to security concepts, do not directly relate to the first law of OPSEC, which focuses on threat awareness as a prerequisite for effective protection.