Which of the following statements BEST describes policy?
A. A minimum threshold of information security controls that must be implemented
B. A checklist of steps that must be completed to ensure information security
C. An overall statement of information security scope and direction
D. A technology-dependent statement of best practices
Explanation:
A policy is an executive mandate that helps identify a topic containing particular risks to
avoid or prevent. Policies are high-level documents signed by a person of high authority with the
power to force cooperation. The policy is a simple document stating that a particular high-level
control objective is important to the organization’s success. Policies are usually only one page in
length. The authority of the person mandating a policy will determine the scope of implementation.
In other words, a policy is an overall statement of information security scope and direction.