Exam CISM topic 1 question 94 discussion

Actual exam question from Isaca's CISM
Question #: 94
Topic #: 1

What is the BEST reason to keep information security policies separate from procedures?

  • A. To keep policies from having to be changed too frequently
  • B. To ensure that individual documents do not contain conflicting information
  • C. To keep policy documents from becoming too large
  • D. To ensure policies receive the appropriate approvals
Suggested Answer: A

Comments

MSKid
Highly Voted 1 year, 4 months ago
Selected Answer: A
Voting A - CISM AIO 2nd under "Security Policy Structure"
upvoted 6 times
Ziggybooboo
1 year, 4 months ago
Agreed
upvoted 1 times
...
...
Viperhunter
Most Recent 3 months, 3 weeks ago
Selected Answer: B
Keeping information security policies separate from procedures helps maintain clarity and prevent conflicts between different types of documents. Policies provide high-level guidance and direction, outlining overarching principles and objectives, while procedures offer detailed steps and actions to implement those policies. Separating the two allows for better organization, clarity, and the ability to update or revise procedures without necessarily impacting the underlying policy framework. It ensures that each type of document serves its specific purpose without introducing confusion or contradictions.
upvoted 1 times
...
sphenixfire
6 months, 1 week ago
Selected Answer: A
Security policy statements should be general and not cite specific devices, technologies, algorithms, or configurations. Policy statements should state what is to be done (or not done) but not how. This way, security policies will be durable and will need to be changed infrequently. On the other hand, security standards and procedures may change more frequently as practices, techniques, and technologies change.
upvoted 1 times
...
drewl25
8 months ago
Selected Answer: B
The best reason to keep information security policies separate from procedures is to ensure that individual documents do not contain conflicting information. Information security policies and procedures serve different purposes within an organization's information security program. Policies are high-level statements that outline the organization's intentions, direction, and requirements regarding information security. They provide overarching guidance and principles that shape the organization's approach to information security. Procedures, on the other hand, are detailed instructions and step-by-step processes that describe how specific tasks or activities should be performed. They provide specific guidance on how to implement the requirements outlined in the policies.
upvoted 1 times
...
Nillanash
8 months, 2 weeks ago
A- To keep policies from frequent changes since policies are over-arching.
upvoted 1 times
...
richck102
9 months, 3 weeks ago
A. To keep policies from having to be changed too frequently
upvoted 1 times
...
Antonivs
1 year, 1 month ago
Selected Answer: A
A, procedures should be operational
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other