Exam CSSLP topic 1 question 70 discussion

Actual exam question from ISC's CSSLP
Question #: 70
Topic #: 1

A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. Which of the following are required to be addressed in a well-designed policy? Each correct answer represents a part of the solution. Choose all that apply.

  • A. What is being secured?
  • B. Where is the vulnerability, threat, or risk?
  • C. Who is expected to exploit the vulnerability?
  • D. Who is expected to comply with the policy?
Suggested Answer: ABD
A security policy is an overall general statement produced by senior management (or a selected policy board or committee) that dictates what role security plays within the organization. A well-designed policy addresses the following:

  • What is being secured? - Typically an asset.
  • Who is expected to comply with the policy? - Typically employees.
  • Where is the vulnerability, threat, or risk? - Typically an issue of integrity or responsibility.

Comments

influence777
7 months, 3 weeks ago
Selected Answer: ABD
A, B, D

A well-designed security policy should clearly address:

- **What is being secured** (A): Identifying the assets that require protection.
- **Where is the vulnerability, threat, or risk** (B): Outlining the potential security concerns that the policy aims to mitigate.
- **Who is expected to comply with the policy** (D): Specifying the individuals or groups that must follow the policy guidelines.

While understanding potential adversaries is crucial for security strategies, specific identification of who might exploit vulnerabilities is usually not a direct component of a general security policy.
upvoted 1 times
74gjd_37
1 year, 1 month ago
Selected Answer: ABC
All of the options A, B, C, and D are required to be addressed in a well-designed security policy.

A. What is being secured? The policy should clearly define the assets that need to be protected and the level of protection that is required for them.

B. Where is the vulnerability, threat, or risk? The policy should identify the potential vulnerabilities, threats, and risks that the organization faces and the measures that need to be taken to mitigate them.

C. Who is expected to exploit the vulnerability? The policy should identify the potential threat actors who may exploit vulnerabilities in the organization's assets and systems.

D. Who is expected to comply with the policy? The policy should clearly define the roles and responsibilities of both employees and management in ensuring the security of the organization's assets and information. It should also outline the consequences of non-compliance with the policy.
upvoted 1 times