Which choice below is NOT an example of an issue-specific policy?

seenagapeSeptember 13, 2013

A.
Virus-checking disk policy

B.
Defined router ACLs

C.
Unfriendly employee termination policy

D.
E-mail privacy policy

Explanation:
Answer c is an example of a system-specific policy, in this case
the router’s access control lists. The other three answers are
examples of issue-specific policy, as defined by NIST. Issue-specific
policies are similar to program policies, in that they are not
technically focused. While program policy is traditionally more
general and strategic (the organization’s computer security
program, for example), issue-specific policy is a nontechnical
policy addressing a single or specific issue of concern to the
organization, such as the procedural guidelines for checking disks
brought to work or e-mail privacy concerns. System-specific policy
is technically focused and addresses only one computer system or
device type. Source: National Institute of Standards and Technology,
An Introduction to Computer Security: The NIST Handbook Special
Publication 800-12.

One Comment on “Which choice below is NOT an example of an issue-specific policy?”

Jamal Ahmed says:

December 29, 2013 at 10:40 am

issue-specific policy is a nontechnical
policy

0

0

Log in to Reply

Get 50% Discount on All Your Purchases
at PrepAway.com - Latest Exam Questions

This is ONE TIME OFFER

Enter your email address to receive your 50% off dicount code:

SPECIAL OFFER: GET 50% OFF

Use Discount Code:

ISC Exam Questions

Free ISC2 Study Guide

Which choice below is NOT an example of an issue-specific policy?

One Comment on “Which choice below is NOT an example of an issue-specific policy?”

Leave a Reply Cancel reply