A security policy is an overall general statement produced by senior management that dictates
what role security plays within the organization. Which of the following are required to be
addressed in a well designed policy Each correct answer represents a part of the solution. Choose
all that apply.
A.
What is being secured
B.
Who is expected to comply with the policy
C.
Where is the vulnerability, threat, or risk
D.
Who is expected to exploit the vulnerability