312-50V13 · Question #159
Every company needs a formal written document which spells out to employees precisely what they are allowed to use the company's systems for, what is prohibited, and what will happen to them if they b
The correct answer is B. Information Security Policy (ISP). The formal written document outlining employee responsibilities, permitted and prohibited activities on company systems, and consequences for policy violations, requiring employee acknowledgment, is known as an Information Security Policy.
Question
Options
- AInformation Audit Policy (IAP)
- BInformation Security Policy (ISP)
- CPenetration Testing Policy (PTP)
- DCompany Compliance Policy (CCP)
How the community answered
(37 responses)- A3% (1)
- B89% (33)
- C3% (1)
- D5% (2)
Why each option
The formal written document outlining employee responsibilities, permitted and prohibited activities on company systems, and consequences for policy violations, requiring employee acknowledgment, is known as an Information Security Policy.
An Information Audit Policy (IAP) outlines how audits are conducted to assess security controls and compliance, not the rules for employee use of IT systems.
An Information Security Policy (ISP) is a comprehensive document that defines the rules, procedures, and responsibilities for protecting an organization's information assets, including acceptable use of IT systems, prohibited activities, and the disciplinary actions for non-compliance. It is crucial for establishing security expectations and compliance.
A Penetration Testing Policy (PTP) governs the authorized simulation of cyberattacks to identify vulnerabilities, which is a specific security testing activity, not a general user behavior policy.
A Company Compliance Policy (CCP) is a broad term that could cover various regulatory or internal standards, but an Information Security Policy is the specific document governing the secure and acceptable use of IT resources.
Concept tested: Information Security Policy (ISP)
Source: https://learn.microsoft.com/en-us/compliance/assurance/assurance-overview-of-information-security-policy-and-management
Topics
Community Discussion
No community discussion yet for this question.