Refer to the information below to answer the question.
A large organization uses unique identifiers and requires them at the start of every system session.
Application access is based on job classification. The organization is subject to periodic independent
reviews of access controls and violations. The organization uses wired and wireless networks and
remote access. The organization also uses secure connections to branch offices and secure backup
and recovery strategies for selected information and processes.
Following best practice, where should the permitted access for each department and job
classification combination be specified?
A.
Security procedures
B.
Security standards
C.
Human resource policy
D.
Human resource standards
Is this really the correct answer? I think it´s A, because a standard should not content this granularity of access-right to job/department mapping. Usually standards are high-level collection of best-practices. Or is a standard in this context of the question a security policy of the company?
0
0
I agree with Oli, the answer should be A,because in a standard the content is not given granularly and Procedure document contains the step by step process and procedure of what should be performed for a specific process.
0
0
Standards:
Standards are much more specific than policies. Standards are tactical documents because they lay out specific steps or processes required to meet a certain requirement. As an example, a standard might set a mandatory requirement that all email communication be encrypted.
So although it does specify a certain standard, it doesn’t spell out how it is to be done. That is left for the procedure.
B.
0
0
Agree with Ben
0
0