(ISC)2(ISC)2
SSCP · Question #1149
SSCP Question #1149: Real Exam Question with Answer & Explanation
The correct answer is D: There is no minimum length - the policy length should support the business needs. The appropriate length of a security policy is determined by the specific business requirements and scope, rather than a fixed minimum page count.
Submitted by jaden.t· Apr 18, 2026Security Concepts and Practices
Question
What is the minimum recommended length of a security policy?
Options
- A200 pages
- B5 pages
- C1 page
- DThere is no minimum length - the policy length should support the business needs
Explanation
The appropriate length of a security policy is determined by the specific business requirements and scope, rather than a fixed minimum page count.
Common mistakes.
- A. A policy that is excessively long might be difficult to read, understand, and implement, making it less effective.
- B. Five pages might be too short for a comprehensive security policy in many organizations, potentially omitting critical details or scope.
- C. A single page is almost certainly insufficient to cover the complex security requirements of any but the smallest and simplest organizations.
Concept tested. Security policy development principles
Topics
#Security Policies#Policy Management#Security Governance#Business Needs
Community Discussion
No community discussion yet for this question.