PrepAway - Latest Free Exam Questions & Answers

Which of the following items would most likely NOT be listed?

The British Standard 7799/ISO Standard 17799 discusses cryptographic
policies. It states, "An organization should develop a policy on its use of
cryptographic controls for protection of its information . . . . When
developing a policy, the following should be considered:" (Which of the
following items would most likely NOT be listed?)


A.
The approach to key management, including methods to deal with
the recovery of encrypted information in the case of lost,
compromised or damaged keys

B.
Roles and responsibilities

C.
The management approach toward the use of cryptographic controls
across the organization

D.
The encryption schemes to be used

Explanation:
A policy is a general statement of management’s intent, and
therefore, a policy would not specify the encryption scheme to be
used. The other answers are appropriate for a cryptographic policy.
The general standards document is BSI ISO/IEC 17799:2000, BS 7799-I: 2000,
Information technology - Code of practice for information security
management, British Standards Institution, London, UK. The
standard is intended to provide a comprehensive set of controls
comprising best practices in information security. ISO refers to the
International Organization for Standardization and IEC is the
International Electrotechnical Commission. These two entities form
the system for worldwide standardization.
The main chapter headings of the standard are:
Security Policy
Organizational Security
Asset Classification and Control
Personnel Security
Physical and Environmental Security
Communications and Operations Management
Access Control
Systems Development and Maintenance
Business Continuity Management
Compliance

