CISSP · Question #863
In order for a security policy to be effective within an organization, it MUST include
The correct answer is D. disciplinary measures for non compliance.. Security Policy Effectiveness Disciplinary measures for non-compliance are essential because a policy without enforceable consequences has no real authority - employees are far less likely to follow rules when there is no accountability or risk of punishment. A security policy on
Question
Options
- Astrong statements that clearly define the problem.
- Ba list of all standards that apply to the policy.
- Cowner information and date of last revision.
- Ddisciplinary measures for non compliance.
How the community answered
(25 responses)- B4% (1)
- C4% (1)
- D92% (23)
Explanation
Security Policy Effectiveness
Disciplinary measures for non-compliance are essential because a policy without enforceable consequences has no real authority - employees are far less likely to follow rules when there is no accountability or risk of punishment. A security policy only becomes truly effective when people understand there are real repercussions for violating it, making enforcement the critical component that transforms a document into a functional control.
Why the distractors fall short:
- Option A (strong problem statements) is helpful for clarity but doesn't enforce compliance - a well-written policy that no one follows is still ineffective.
- Option B (list of standards) is a best practice for documentation but is supplementary, not a must-have for effectiveness.
- Option C (owner info and revision date) supports governance and maintenance but is an administrative detail, not what drives people to actually follow the policy.
Memory Tip: Think of it like a speed limit sign - clearly written (A), referenced in law books (B), and dated (C), but drivers only slow down because of the fine (D). No consequence = no compliance.
Topics
Community Discussion
No community discussion yet for this question.