CERTIFIED-IN-CYBERSECURITY · Question #333
CERTIFIED-IN-CYBERSECURITY Question #333: Real Exam Question with Answer & Explanation
The correct answer is C: Policies. Policies are formal, high-level statements of the organization's values, and attitudes regarding a specific issue, such as data privacy, human resources, or operations. They provide guiding principles that help employees make decisions and carry out their tasks within the defined
Question
Which of the following documents establishes context and sets out strategic direction and priorities?
Options
- ARegulations
- BStandards
- CPolicies
- DProcedures
Explanation
Policies are formal, high-level statements of the organization's values, and attitudes regarding a specific issue, such as data privacy, human resources, or operations. They provide guiding principles that help employees make decisions and carry out their tasks within the defined boundaries. Policies are written in a broad way (typically without implementation details); they establish the context and set out strategic direction and priorities (see ISC2 Study Guide, Module 4, under Governance Elements). In contrast, procedures are detailed documents that provide the granular steps required to implement a specific security measure or process. Regulations are external documents that are driven by industry requirements or government regulations. Standards provide a common set of best practices, guidelines, or requirements that can be applied across organizations within an industry
Topics
Community Discussion
No community discussion yet for this question.