CISSP · Question #1264
employee training, risk management, and data handling procedures and policies could be characterized as which type of security measure?
The correct answer is D. Administrative. Employee training, risk management, and data handling procedures and policies could be characterized as administrative security measures. Administrative security measures are the policies, procedures, standards, guidelines, and practices that define and govern the roles, responsi
Question
Options
- ANon-essential
- BManagement
- CPreventative
- DAdministrative
How the community answered
(23 responses)- A4% (1)
- B4% (1)
- D91% (21)
Explanation
Employee training, risk management, and data handling procedures and policies could be characterized as administrative security measures. Administrative security measures are the policies, procedures, standards, guidelines, and practices that define and govern the roles, responsibilities, and actions of the personnel and the organization in relation to the security of the information systems and the data. Administrative security measures could be characterized as administrative security measures, because they can: Establish and communicate the security objectives, requirements, and expectations of the organization and the personnel, and provide the direction and the guidance for achieving and maintaining them. Educate and train the personnel on the security awareness, skills, and behaviors, and evaluate and monitor their performance and compliance with the security policies and procedures. Identify and assess the risks and the threats to the information systems and the data, and implement and review the controls and the countermeasures to mitigate and manage them.
Topics
Community Discussion
No community discussion yet for this question.