nerdexam
(ISC)2

CISSP · Question #59

When constructing an Information Protection Policy (IPP), it is important that the stated rules are necessary, adequate, and

The correct answer is D. achievable.. An Information Protection Policy (IPP) is a document that defines the objectives, scope, roles, responsibilities, and rules for protecting the information assets of an organization. An IPP should be aligned with the business goals and legal requirements, and should be communicate

Submitted by diego_uy· Mar 5, 2026Security and Risk Management

Question

When constructing an Information Protection Policy (IPP), it is important that the stated rules are necessary, adequate, and

Options

  • Aflexible.
  • Bconfidential.
  • Cfocused.
  • Dachievable.

How the community answered

(36 responses)
  • A
    3% (1)
  • C
    6% (2)
  • D
    92% (33)

Explanation

An Information Protection Policy (IPP) is a document that defines the objectives, scope, roles, responsibilities, and rules for protecting the information assets of an organization. An IPP should be aligned with the business goals and legal requirements, and should be communicated and enforced throughout the organization. When constructing an IPP, it is important that the stated rules are necessary, adequate, and achievable, meaning that they are relevant, sufficient, and realistic for the organization's context and capabilities.

Topics

#Information Protection Policy#policy attributes#security governance

Community Discussion

No community discussion yet for this question.

Full CISSP Practice