A security policy that will stand the test of time includes the following except:
A.
Directive words such as shall, must, or will
B.
Defined policy development process
C.
Short in length
D.
Technical specifications
Explanation:
D: Technical implementation details do not belong in a policy. Policies must be written technology independent. Technology controls may change over time as an organizations risk profi le changes and new vulnerabilities are found. Page 414.