(263) Why must senior management endorse a security policy?
A. So that they will accept ownership for security within the organization.
B. So that employees will follow the policy directives.
C. So that external bodies will recognize the organization's commitment to security.
D. So that they can be held legally accountable.
Correct Answer: A
Explanation/Reference:
This really does not need a reference, as it should be known. Upper management is legally accountable (up to 290 million fine). The external organizations answer is not really pertinent (however, it is stated that other organizations will respect a BCP and disaster recovery plan). Employees need to be bound to the policy regardless of who signs it, but a senior management signature gives it validity. Ownership is the correct answer in this statement. However, here is a reference.
"Fundamentally important to any security program's success is the senior management's high-level statement of commitment to the information security policy process and a senior management's understanding of how important security controls and protections are to the enterprise's continuity. Senior management must be aware of the importance of security implementation to preserve the organization's viability (and for their own 'due care' protection) and must publicly support that process throughout the enterprise." - Ronald Krutz, The CISSP PREP Guide (gold edition), pg 13
- Muhammad Idham Azhari