Which of the following defines the intent of a system security policy?

Which of the following defines the intent of a system security policy?

Which of the following defines the intent of a system security policy?

A.
A definition of the particular settings that have been determined to provide optimum security.

B.
A brief, high-level statement defining what is and is not permitted during the operation of the
system.

C.
A definition of those items that must be excluded on the system.

D.
A listing of tools and applications that will be used to protect the system.

Explanation:
“A system-specific policy presents the management’s decisions that are closer to
the actual computers, networks, applications, and data. This type of policy can provide an
approved software list, which contains a list of applications that can be installed on individual
workstations. This policy can describe how databases are to be protected, how computers are to
be locked down, and how firewall, intrusion diction systems, and scanners are to be employed.”
Pg 93 Shon Harris CISSP All-In-One Certification Exam Guide



Leave a Reply 0

Your email address will not be published. Required fields are marked *