nerdexam
(ISC)2

CAP · Question #139

A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. What are the different types of policies? Each correct a

The correct answer is B. Informative C. Regulatory D. Advisory. Security policies are commonly classified into three types: (B) Informative policies, which educate users about specific topics without mandating compliance; (C) Regulatory policies, which are required to comply with laws, regulations, or industry standards (e.g., HIPAA, SOX); an

Security and Privacy Governance, Risk Management, and Compliance Program

Question

A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. What are the different types of policies? Each correct answer represents a complete solution. Choose all that apply.

Options

  • ASystematic
  • BInformative
  • CRegulatory
  • DAdvisory

How the community answered

(31 responses)
  • A
    10% (3)
  • B
    90% (28)

Explanation

Security policies are commonly classified into three types: (B) Informative policies, which educate users about specific topics without mandating compliance; (C) Regulatory policies, which are required to comply with laws, regulations, or industry standards (e.g., HIPAA, SOX); and (D) Advisory policies, which strongly recommend certain behaviors or actions but are not strictly mandatory. Option A, 'Systematic,' is not a recognized standard category of security policy in information security frameworks such as those defined by (ISC)² or NIST.

Topics

#Security Policies#Policy Types#Information Security Governance

Community Discussion

No community discussion yet for this question.

Full CAP Practice