Exam CISM topic 1 question 129 discussion

Actual exam question from Isaca's CISM
Question #: 129
Topic #: 1

An information security manager wants to document requirements detailing the minimum security controls required for user workstations. Which of the following resources would be MOST appropriate for this purpose?

  • A. Policies
  • B. Standards
  • C. Procedures
  • D. Guidelines
Suggested Answer: B

Comments

EZPASS
Highly Voted 2 years ago
Answer is B. --- 1) A policy is a high-level statement of management intent that formally establishes requirements to guide decisions and achieve rational outcomes. A policy is intended to come from the CEO or board of directors that has strategic implications. ---- 2) A Standard is a formally-established requirement in regard to a process, action or configuration that is meant to be an objective, quantifiable expectation to be met (e.g., 8 character password, change passwords every 90 days, etc.) --- Source: https://www.complianceforge.com/faq/word-crimes/policy-vs-standard-vs-control-vs-procedure
upvoted 10 times
5fd6335
Most Recent 2 weeks, 5 days ago
It is C, because it is a written procedure for user access controls. See below: A document detailing minimum security controls required for users is typically called a "User Access Control Procedure" or "Minimum Security Standards for User Accounts"; it outlines the essential security controls that must be implemented for all user accounts within an organization, specifying requirements like strong password complexity, regular password changes, access level limitations based on roles, and proper account deactivation procedures.
upvoted 1 times
richck102
1 year, 5 months ago
B. Standards
upvoted 1 times
bambs
1 year, 7 months ago
Selected Answer: B
Standards provide specific, mandatory requirements that must be followed in order to comply with a policy or to achieve a specific level of security.
upvoted 1 times
Prospect57
1 year, 10 months ago
Selected Answer: B
B is my answer. It is sometimes difficult to see the difference between policy and standards. Knowing the definition of each, and even having examples in your brain doesn't always help. I always get confused!
upvoted 2 times
Ziggybooboo
2 years, 1 month ago
I think it's Policies
upvoted 1 times
dark_3k03r
1 year, 6 months ago
It's not policies, because policies focus on high-level statements of intent and a set of expectations for behavior (i.e. controls should be in place to mitigate x/y to avoid a breach). Standards, on the other hand, define the specific actions to meet those expectations (i.e. required controls to be in place to meet those expectations).
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other