PrepAway - Latest Free Exam Questions & Answers

What can best be defined as high-level statements, beliefs, goals and objectives?

A. Standards

B. Policies

C. Guidelines

D. Procedures

Explanation:
A policy is defined as a high-level document that outlines senior management’s security directives.
A security policy is an overall general statement produced by senior management (or a selected policy board or committee) that dictates what role security plays within the organization. A security policy can be an organizational policy, an issue-specific policy, or a system-specific policy. In an organizational security policy, management establishes how a security program will be set up, lays out the program’s goals, assigns responsibilities, shows the strategic and tactical value of security, and outlines how enforcement should be carried out.

Incorrect Answers:
A: Standards are compulsory rules indicating how hardware and software should be implemented, used, and maintained. Standards provide a means to ensure that specific technologies, applications, parameters, and procedures are carried out in a uniform way across the organization. They are not defined as high-level statements, beliefs, goals and objectives.
C: Guidelines are recommended actions and operational guides for users, IT staff, operations staff, and others when a specific standard does not apply. They are not defined as high-level statements, beliefs, goals and objectives.
D: Procedures are detailed step-by-step tasks that should be performed to achieve a certain goal. Procedures spell out how the policy, standards, and guidelines will actually be implemented in an operating environment. They are not defined as high-level statements, beliefs, goals and objectives.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 106-107

