An Information Security Management System (ISMS) is designed to protect information assets through structured controls, policies, and risk management practices.
EPI aligns with globally accepted security frameworks (e.g., ISO/IEC 27001), where the foundation of an ISMS is the CIA triad:
C — Confidentiality
Ensures information is accessible only to authorized persons.
I — Integrity
Ensures information is accurate, complete, and protected from unauthorized modification.
A — Availability
Ensures information and systems are accessible when required.
Implementing an ISMS aims to safeguard these three fundamental information security objectives.
Why the other options are incorrect:
A — This focuses only on records retention, not information security as a whole.
B — Omits integrity and availability, which are essential ISMS elements.
D — Too narrow; ISMS covers all information assets, not just customer records.
Thus, the correct answer is C, which fully represents the CIA triad.
EPI DCFOM-Aligned Reference Concepts (Paraphrased)
ISMS is responsible for protecting confidentiality, integrity, and availability of all information assets.
The CIA triad forms the basis of information security objectives.