D. To establish a minimum acceptable security baseline is the primary purpose of implementing information security standards. Standards provide a framework for achieving a set of security objectives and establish a common set of security controls and guidelines that organizations should implement to protect their information systems. They are designed to be a starting point for organizations to build their own security programs and help ensure that the security measures in place are adequate to protect the organization's sensitive information and assets. Standards provide a common language and a consistent approach to security, which helps organizations to understand their security risks, identify vulnerabilities, and implement appropriate controls to mitigate those risks.
The answer is D: Standards define minimum security requirements tailored to a specific organization. An example could be the usage of TLS 1.2 or above or password complexity requirements.
The answer is NOT B, since step-by-step instructions are covered by procedures. Procedures are one level below standards and contain detailed instructions on how to perform certain tasks (e.g., like a manual).
The answer is NOT C, since security objectives are derived from business objectives (security as a supporting function for the business). There is no relation to standards - just forget about this answer option.
C. To provide management direction with a specific security objective.
Information security standards are typically designed to provide a set of guidelines, principles, or requirements that help organizations establish and maintain a secure information environment. These standards offer management direction by outlining specific security objectives and expectations. They serve as a foundation for developing information security policies (Option A) and often include best practices and controls to establish a minimum acceptable security baseline (Option D). While some standards may include procedural details, their primary focus is to provide overarching guidance and direction for achieving security goals within an organization.
D. To establish a minimum acceptable security baseline
Broesweelies: Highly Voted, 1 year, 5 months ago
Josef4CISM: Most Recent, 3 days ago
TamerBeSafe: 5 months, 2 weeks ago
maisarajarrah: 6 months, 2 weeks ago
Cert_IT: 10 months ago
AlexJacobson: 5 months, 2 weeks ago
richck102: 1 year ago