Which of the following should be included in an organization’s IS security policy?
A.
A list of key IT resources to be secured
B.
The basis for access authorization
C.
Identity of sensitive security features
D.
Relevant software security features
Explanation:
The security policy provides the broad framework of security, as laid down and approved by senior
management. It includes a definition of those authorized to grant access and the basis for granting the access.
Choices A, B and C are more detailed than that which should be included in a policy.