ISC2 Exam ISSEP Topic 5 Question 44 Discussion

Actual exam question for ISC2's Information Systems Security Engineering Professional exam

Question #: 44
Topic #: 5

A security policy is an overall general statement produced by senior management that dictates what

role security plays within the organization. Which of the following are required to be addressed in a

well designed policy? Each correct answer represents a part of the solution. Choose all that apply.

AWhat is being secured?

BWho is expected to comply with the policy?

CWhere is the vulnerability, threat, or risk?

DWho is expected to exploit the vulnerability?

Show Suggested Answer

Suggested Answer: A, B, C

A security policy is an overall general statement produced by senior management (or a selected

policy board or committee) that dictates what

role security plays within the organization.

A well designed policy addresses the following:

What is being secured? - Typically an asset.

Who is expected to comply with the policy? - Typically employees.

Where is the vulnerability, threat, or risk? - Typically an issue of integrity or responsibility.

by Yoko at May 08, 2022, 11:18 AM

Limited Time Offer

25%

Off

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!