A security policy is an overall general statement produced by senior management that dictates
what role security plays within the organization. Which of the following are required to be
addressed in a well designed policy? Each correct answer represents a part of the solution.
Choose all that apply.
A.
What is being secured?
B.
Where is the vulnerability, threat, or risk?
C.
Who is expected to exploit the vulnerability?
D.
Who is expected to comply with the policy?
Explanation:
A security policy is an overall general statement produced by senior management
(or a selected policy board or committee) that dictates what role security plays within the
organization. A well designed policy addresses the following: What is being secured? – Typically
an asset. Who is expected to comply with the policy? – Typically employees. Where is the
vulnerability, threat, or risk? – Typically an issue of integrity or responsibility.