Which of the following policies is used to add additional information about the overall security
posture and serves to protect employees and organizations from inefficiency or ambiguity?

A.
User policy

B.
Group policy

C.
Issue-Specific Security Policy

D.
IT policy

Explanation:

The Issue-Specific Security Policy (ISSP) is used to add additional information about the overall
security posture. It helps in providing detailed, targeted guidance for instructing organizations in
the secure use of tech systems. This policy serves to protect employees and organizations from
inefficiency or ambiguity.
Answer option A is incorrect. A user policy helps in defining what users can and should do to use
network and organization’s computer equipment. It also defines what limitations are put on users
for maintaining the network secure such as whether users can install programs on their
workstations, types of programs users are using, and how users can access data.
Answer option D is incorrect. IT policy includes general policies for the IT department. These
policies are intended to keep the network secure and stable. It includes the following:
Virus incident and security incident
Backup policy
Client update policies
Server configuration, patch update, and modification policies (security)
Firewall policiesDmz policy, email retention, and auto forwarded email policy
Answer option B is incorrect. A group policy specifies how programs, network resources, and the
operating system work for users and computers in an organization.