Which of the following embodies all the detailed actions that personnel are required to follow?

A.
Standards

B.
Guidelines

C.
Procedures

D.
Baselines

Explanation:
Procedures are detailed step-by-step tasks that should be performed to achieve a certain goal. The steps can
apply to users, IT staff, operations staff, security members, and others who may need to carry out specific
tasks. Many organizations have written procedures on how to install operating systems, configure security
mechanisms, implement access control lists, set up new user accounts, assign computer privileges, audit
activities, destroy material, report incidents, and much more.
Procedures are considered the lowest level in the documentation chain because they are closest to the
computers and users (compared to policies) and provide detailed steps for configuration and installation issues.
Procedures spell out how the policy, standards, and guidelines will actually be implemented in an operating
environment.
Incorrect Answers:
A: Standards are compulsory rules indicating how hardware and software should be implemented, used, and
maintained. Standards provide a means to ensure that specific technologies, applications, parameters, and
procedures are carried out in a uniform way across the organization. They do not contain all the detailed actions
that personnel are required to follow.
B: Guidelines are recommended actions and operational guides for users, IT staff, operations staff, and others
when a specific standard does not apply. They do not contain all the detailed actions that personnel are
required to follow.
D: A Baseline is the minimum level of security necessary to support and enforce a security policy. It does not
contain all the detailed actions that personnel are required to follow.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 106-107