What is the primary responsibility of Information Security?

• A. Establishing a set of processes that will protect information assets, regardless of how that information is formatted or whether it is in transit, processed, or at rest in storage
• B. Managing marketing communications
• C. Ensuring only data at rest is protected
• D. Providing physical access to devices

Answer: (A)

Information security is about protecting information assets through a comprehensive set of processes and controls that apply to data in all states—while it’s in transit, during processing, or at rest in storage. This means establishing policies, governance, risk management, and technical and administrative controls (such as encryption, access management, monitoring, and incident response) so the organization consistently safeguards confidentiality, integrity, and availability of information. The goal isn’t limited to one form or state of data but to a cohesive security program that spans people, processes, and technology.

The other options miss the breadth and purpose: marketing communications isn’t about protecting information; focusing only on data at rest ignores data in motion and during processing; and providing physical access to devices would compromise security rather than protect it.