Free Preparation Discussions
MENU
ISC2 Exam ISSEP Topic 5 Question 12 Discussion
Topic #: 5
A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. What are the different types of policies?
Each correct answer represents a complete solution. Choose all that apply.
Following are the different types of policies:
Regulatory: This type of policy ensures that the organization is following standards set by specific
industry regulations. This policy type
is very detailed and specific to a type of industry. This is used in financial institutions, health care
facilities, public utilities, and other
government-regulated industries, e.g., TRAI.
Advisory: This type of policy strongly advises employees regarding which types of behaviors and
activities should and should not take
place within the organization. It also outlines possible ramifications if employees do not comply with
the established behaviors and
activities. This policy type can be used, for example, to describe how to handle medical information,
handle financial transactions, or
process confidential information.
Informative: This type of policy informs employees of certain topics. It is not an enforceable policy,
but rather one to teach individuals
about specific issues relevant to the company. It could explain how the company interacts with
partners, the company's goals and
mission, and a general reporting structure in different situations.
Answer option C is incorrect. No such type of policy exists.
Currently there are no comments in this discussion, be the first to comment!