Exam CISM topic 1 question 587 discussion

D. Policies would be the most appropriate resource to determine whether or not a particular solution should utilize encryption based on its location and data classification. Policies are a set of rules and regulations that dictate how data should be handled and protected. They typically outline specific requirements for data encryption, and may take into account factors such as the location of the data and its classification level.

C. Standards. Standards provide detailed, specific requirements and criteria for implementing controls such as encryption based on factors like data classification and location. Policies provide high-level guidance but typically do not include specific implementation details like when and where encryption should be applied.

I think it's C. Policies will give very high-level direction, but for a single system, it will follow the security standard.

it's C

it's C

The most appropriate resource to determine whether or not a particular solution should utilize encryption based on its location and data classification would be policies. Policies are high-level documents that define an organization's overarching principles, goals, and guidelines. They establish the strategic direction and provide a framework for decision-making. In the context of information security, policies often outline the organization's stance on various security measures, including encryption.

Policies are not sesitive to specific solutions, standards are used to determine the rules regarding specific systems in accordance with the more general dictation of policies

Policies provide high-level guidance and direction for an organization's approach to security and data protection. They set the overarching rules and principles that govern how data should be handled, including when encryption should be used. Policies often take into account the organization's risk tolerance, legal requirements, and industry best practices. Guidelines, procedures, and standards are typically more detailed documents that stem from policies

C https://frsecure.com/blog/differentiating-between-policies-standards-procedures-and-guidelines/

C. Standards

tandards provide specific requirements and specifications that organizations are expected to adhere to, and they may include guidance on encryption based on data classification and location.

Option D. Policies provide the high-level guidance and direction for information security, including determining when encryption should be used based on factors such as location and data classification.

The MOST appropriate resource to determine whether or not a particular solution should utilize encryption based on its location and data classification is policies. Policies are high-level documents that define the organization's overall security goals and objectives. They typically include requirements for encryption, as well as other security controls. When determining whether or not to encrypt a particular solution, organizations should first consult their policies. The policy will specify the types of data that must be encrypted, as well as the encryption requirements for those data types.

I guess C