CERTIFIED-IN-CYBERSECURITY · Question #530
The correct answer is A: To guide behavior, set standards, and ensure organizational compliance.
Question
What is the purpose of a policy?
Options
- A. To guide behavior, set standards, and ensure organizational compliance
- B. To provide specific step-by-step instructions to accomplish a task or process
- C. To provide a set of criteria to be met
- D. To enforce specific requirements for cybersecurity and can carry penalties for non-compliance
Explanation
A policy is a set of principles that guide decisions and achieve rational outcomes. For example, an organization's cybersecurity policy would guide employee behavior regarding the use of technology and data, set standards for privacy, and ensure that the organization complies with relevant laws and regulations (ISC2 Study Guide, Chapter 1, Module 4). The other options are incorrect because they describe procedures, standards, and regulations, not policies. Procedures provide specific step-by-step instructions for completing a task or process, such as a procedure for responding to a data breach. Criteria are a set of standards to be met, not a guide to behavior. Regulations enforce specific cybersecurity requirements and can impose penalties for noncompliance, but they are not policies set by the organization itself.