(262) What is the
function of a corporate information security policy?
A. Issue corporate standard to be
used when addressing specific security problems.
B. Issue guidelines in selecting
equipment, configuration, design, and secure operations.
C. Define the specific assets to
be protected and identify the specific tasks which must be completed to secure
them.
D. Define the main security
objectives which must be achieved and the security framework to meet business
objectives.
Correct Answer: D
Explanation/Reference:
Information security policies are
high-level plans that describe the goals of the procedures or controls.
Policies describe security in
general, not specifics. They provide the blueprint fro an overall security program
just as a specification defines your next product.
- Roberta Bragg CISSP Certification Training Guide
(que) pg 587- Muhammad Idham Azhari
No comments:
Post a Comment