nerdexam
(ISC)2

CGRC · Question #251

CGRC Question #251: Real Exam Question with Answer & Explanation

The correct answer is B: Issue-specific policy. An issue-specific policy is designed to address particular areas of concern within an organization's security posture.

Security and Privacy Governance, Risk Management, and Compliance Program

Question

Which of the following system security policies is used to address specific issues of concern to the organization?

Options

  • A. Program policy
  • B. Issue-specific policy
  • C. Informative policy
  • D. System-specific policy

Explanation

An issue-specific policy is designed to address particular areas of concern within an organization's security posture.

Common mistakes.

  • A. A program policy, also known as a general security policy, provides a high-level overview of an organization's overall security program, rather than specific issues.
  • C. Informative policies are not a standard classification of security policies; rather, policies themselves are informative documents.
  • D. A system-specific policy addresses the security requirements and controls for a particular information system or application, not general issues across the organization.

Concept tested. Types of organizational security policies

Reference. https://csrc.nist.gov/glossary/term/policy

Topics

#Security Policies #Policy Types #Issue-specific Policy
