New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

ISC2 ISSEP Exam - Topic 5 Question 12 Discussion

Actual exam question for ISC2's ISSEP exam
Question #: 12
Topic #: 5
[All ISSEP Questions]

A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. What are the different types of policies?

Each correct answer represents a complete solution. Choose all that apply.

Show Suggested Answer Hide Answer
Suggested Answer: A, B, D

Following are the different types of policies:

Regulatory: This type of policy ensures that the organization is following standards set by specific

industry regulations. This policy type

is very detailed and specific to a type of industry. This is used in financial institutions, health care

facilities, public utilities, and other

government-regulated industries, e.g., TRAI.

Advisory: This type of policy strongly advises employees regarding which types of behaviors and

activities should and should not take

place within the organization. It also outlines possible ramifications if employees do not comply with

the established behaviors and

activities. This policy type can be used, for example, to describe how to handle medical information,

handle financial transactions, or

process confidential information.

Informative: This type of policy informs employees of certain topics. It is not an enforceable policy,

but rather one to teach individuals

about specific issues relevant to the company. It could explain how the company interacts with

partners, the company's goals and

mission, and a general reporting structure in different situations.

Answer option C is incorrect. No such type of policy exists.


by Ilene at May 06, 2022, 01:36 PM

Limited Time Offer

25%

Off

Get Premium ISSEP Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Essie
4 months ago
I’m not convinced all organizations need advisory policies.
upvoted 0 times
...
Patti
4 months ago
Informative policies are key for awareness, no doubt!
upvoted 0 times
...
Willow
4 months ago
Wait, what's a systematic policy? Never heard of that one.
upvoted 0 times
...
Bronwyn
4 months ago
Totally agree, advisory policies help guide decisions too.
upvoted 0 times
...
Stephanie
5 months ago
Regulatory policies are a must for compliance!
upvoted 0 times
...
Veronica
5 months ago
I feel like "Systematic" might be a trick option. I should probably stick with "Regulatory" and "Advisory" for sure.
upvoted 0 times
...
Jina
5 months ago
I practiced a similar question last week, and I think "Regulatory" and "Advisory" were the main ones mentioned.
upvoted 0 times
...
Lizbeth
5 months ago
I remember studying different types of policies, but I'm not entirely sure if "Systematic" is a recognized type.
upvoted 0 times
...
Buck
5 months ago
I think "Regulatory" and "Advisory" are definitely correct, but I can't recall if "Informative" fits in there too.
upvoted 0 times
...
Chantell
5 months ago
I remember learning about this in class. I'm confident I can select the right answer.
upvoted 0 times
...
Jolanda
5 months ago
Hmm, I'm not totally sure how to apply a style set. I'll need to review the steps carefully to make sure I do it correctly.
upvoted 0 times
...
Lamar
5 months ago
I think deploying a WAF with a block default action would be counterproductive for allowing legitimate traffic. This one feels tricky!
upvoted 0 times
...

Save Cancel