nerdexam
EC-Council

312-50V11 · Question #690

Every company needs a formal written document which spells out to employees precisely what they are allowed to use the company's systems for, what is prohibited, and what will happen to them if they b

The correct answer is B. Information Security Policy (ISP). A formal written document that defines acceptable use of company systems, prohibited activities, and disciplinary consequences for employees is called an Information Security Policy (ISP).

Information Security and Ethical Hacking Fundamentals

Question

Every company needs a formal written document which spells out to employees precisely what they are allowed to use the company's systems for, what is prohibited, and what will happen to them if they break the rules. Two printed copies of the policy should be given to every employee as soon as possible after they join the organization. The employee should be asked to sign one copy, which should be safely filed by the company. No one should be allowed to use the company's computer systems until they have signed the policy in acceptance of its terms. What is this document called?

Options

  • AInformation Audit Policy (IAP)
  • BInformation Security Policy (ISP)
  • CPenetration Testing Policy (PTP)
  • DCompany Compliance Policy (CCP)

How the community answered

(51 responses)
  • A
    2% (1)
  • B
    94% (48)
  • C
    4% (2)

Why each option

A formal written document that defines acceptable use of company systems, prohibited activities, and disciplinary consequences for employees is called an Information Security Policy (ISP).

AInformation Audit Policy (IAP)

An 'Information Audit Policy' is not a recognized standard document type; audits involve reviewing existing compliance, not defining acceptable use rules for new employees.

BInformation Security Policy (ISP)Correct

The Information Security Policy (ISP) is the standard term for a formal document that communicates to employees what is permissible, what is forbidden, and the consequences of violations on company systems. It is distributed upon onboarding and requires a signed acknowledgment before system access is granted. The signed copy creates a legal and administrative record of the employee's agreement to the terms.

CPenetration Testing Policy (PTP)

A Penetration Testing Policy governs the scope and authorization of security testing engagements, not general employee computer use agreements.

DCompany Compliance Policy (CCP)

'Company Compliance Policy' is not a standard recognized term for the employee acceptable-use agreement described in the question.

Concept tested: Information Security Policy employee acceptable use

Source: https://www.nist.gov/cyberframework

Topics

#information security policy#acceptable use policy#security documentation#compliance

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice