(268) Which one of the following is NOT a fundamental component of
a Regulatory Security Policy?
A. What is to be done.
B. When it is to be done.
C. Who is to do it.
D. Why is it to be done
Correct Answer: C
Explanation/Reference:
Regulatory Security policies are mandated to the
organization but it up to them to implement it. "Regulatory - This
policy is written to ensure that the organization is following standards set by
a specific industry and is regulated by law. The policy type is detailed in
nature and specific to a type of industry. This is used in financial
institutions, health care facilities, and public utilities." - Shon Harris
All-in-one CISSP Certification Guide pg 93-94
- Muhammad Idham Azhari
No comments:
Post a Comment