nerdexam
(ISC)2

CAP · Question #191

Which of the following system security policies is used to address specific issues of concern to the organization?

The correct answer is B. Issue-specific policy. Security policies are categorized into three types: (1) Program policy - establishes the overall security program and its governance framework; (2) Issue-specific policy - targets a particular security concern or technology area (e.g., acceptable use, email security, remote acces

Security and Privacy Governance, Risk Management, and Compliance Program

Question

Which of the following system security policies is used to address specific issues of concern to the organization?

Options

  • AProgram policy
  • BIssue-specific policy
  • CInformative policy
  • DSystem-specific policy

How the community answered

(36 responses)
  • A
    3% (1)
  • B
    94% (34)
  • D
    3% (1)

Explanation

Security policies are categorized into three types: (1) Program policy - establishes the overall security program and its governance framework; (2) Issue-specific policy - targets a particular security concern or technology area (e.g., acceptable use, email security, remote access), allowing the organization to address evolving or specific threats in focused detail; (3) System-specific policy - applies to a single information system and defines its security requirements. Because the question asks about addressing 'specific issues of concern,' the issue-specific policy is the correct match. It is narrower than program policy but broader than a system-specific policy.

Topics

#Security Policy#Policy Types#Issue-specific Policy

Community Discussion

No community discussion yet for this question.

Full CAP Practice