What is the function of a corporate information security policy?
A.
Issue corporate standard to be used when addressing specific security problems.
B.
Issue guidelines in selecting equipment, configuration, design, and secure operations.
C.
Define the specific assets to be protected and identify the specific tasks which must be
completed to secure them.
D.
Define the main security objectives which must be achieved and the security framework to meet
business objectives.
Explanation:
Information security policies are high-level plans that describe the goals of the
procedures or controls. Policies describe security in general, not specifics. They provide the
blueprint fro an overall security program just as a specification defines your next product. -Roberta Bragg CISSP Certification Training Guide (que) pg 587