Which combination of components typically constitutes information security in C2?

Information security in a C2 system relies on a layered approach that protects data at rest and in transit, restricts who can access or act on that data, and defends the entire system from cyber threats. Encryption secures the content of communications and stored information, making it unreadable without the key. Access control enforces who is authorized to view or modify information and perform command-and-control actions, preventing credential abuse or insider threats. Cyber defense provides ongoing protection and resilience—monitoring for intrusions, detecting anomalies, and quickly isolating or recovering from breaches to keep C2 operations available and trustworthy. Relying on encryption alone leaves gaps where authorized users might be compromised or where an attacker can disrupt the system; physical security alone doesn’t address cyber risks; security by obscurity is not a robust strategy. Therefore, combining encryption, access control, and cyber defense delivers the comprehensive protection typical for information security in C2.