CERTIFIED-IN-CYBERSECURITY Question #480: Real Exam Question with Answer & Explanation

Question

What is ensured by an information security policy? ()

Options

• AThe proper communication of the security posture of the organization
• BThat financial documents are securely backed up
• CThe correct handling of employee information on social networks
• DThe commitment of senior management to ensure that access to data is secure

Explanation

The primary function of the information security policy is to ensure senior management's commitment to secure data access. The policy describes the company's approach to information security management, emphasizes the company's commitment to protecting data, and outlines the role of employees in keeping data secure. For example, a software company's information security policy might establish guidelines for secure code development, access control to development environments, and data handling procedures. Senior management's sign-off on this policy signals their commitment to these guidelines. The remaining options, while related to the information security policy, are not essential. Proper handling of employee information on social networks would fall under a social media or privacy policy. Ensuring that financial documents are securely backed up is part of data protection and business continuity planning, but not the primary goal of the information security policy. Finally, the information security policy is a tool for communicating the organization's security posture, not its primary purpose.

No community discussion yet for this question.