CERTIFIED-IN-CYBERSECURITY Question #396: Real Exam Question with Answer & Explanation

The correct answer is B: Standards set criteria to be met, while regulations are legally binding and must be followed.

Security Principles

Question

What is the difference between a standard and a regulation?

Options

  • A. Standards provide specific step-by-step instructions to achieve a task or process, while
  • B. Standards set criteria to be met, while regulations are legally binding and must be followed
  • C. Standards are optional and have no legal consequences, while regulations are legally binding and
  • D. Standards are legally binding and must be followed, while regulations provide guidance on how to

Explanation

Standards are guidelines or frameworks that provide best practices for achieving a specific outcome. They are typically developed by industry or professional organizations and are often voluntary, although they can become mandatory when adopted by specific industries or when incorporated into contracts or regulations. For example, ISO 27001 provides guidelines for implementing an information security management system. In specific industries, compliance with particular standards is mandatory by law, and failure to comply results in regulatory or legal consequences (see ISC2 Study Guide, Chapter 1, Module 4).

Regulations, on the other hand, are rules or guidelines issued by a government or regulatory body. They are legally binding: they must be followed, and failure to do so carries legal penalties. For example, the General Data Protection Regulation (GDPR) is a regulation in the European Union that sets rules for the protection of personal data (see ISC2 Study Guide, Chapter 1, Module 4).

The other options are incorrect. Standards do not provide specific step-by-step instructions on how to perform a task or process, and they are not legally binding (although they can become so when incorporated into contracts or regulations). Regulations do not provide guidance on how to achieve a desired outcome; instead, they establish legally binding rules that must be followed.

Topics

#Standards #Regulations #Compliance #Governance
