After a recent security breach, you have been asked to create a Security Policy for your company. Which statement describes a Security Policy?

A.
details of which tools should be used to maintain security

B.
specific procedures to implement security in your organization

C.
a security baseline for use when implementing systems and procedures

D.
an audit report on how security is currently configured within your organization

E.
a report on how the security breach occurred, and how to avoid another occurrence in the future