Friday, September 19, 2014

CISSP Exam Preparation (Question 262)

(262) What is the function of a corporate information security policy?

A. Issue corporate standard to be used when addressing specific security problems.
B. Issue guidelines in selecting equipment, configuration, design, and secure operations.
C. Define the specific assets to be protected and identify the specific tasks which must be completed to secure them.
D. Define the main security objectives which must be achieved and the security framework to meet business objectives.

Correct Answer: D

Explanation/Reference:
Information security policies are high-level plans that describe the goals of the procedures or controls.
Policies describe security in general, not specifics. They provide the blueprint for an overall security program just as a specification defines your next product.
- Roberta Bragg CISSP Certification Training Guide (que) pg 587

- Muhammad Idham Azhari
