(ISC)2 Certified in Cybersecurity Practice Exam

What four items belong to the security policy framework?

• A. Plans, Strategies, Standards, Protocols
• B. Policies, Standards, Guidelines, Procedures
• C. Regulations, Frameworks, Procedures, Policies
• D. Rules, Guidelines, Standards, Frameworks

The correct answer is: Policies, Standards, Guidelines, Procedures

The selection of Policies, Standards, Guidelines, and Procedures accurately represents the core components of a security policy framework. Each of these elements plays a critical role in establishing a comprehensive cybersecurity program. Policies provide the overarching principles and rules that guide an organization's security efforts. They define the organization's stance on various security issues and outline the expectations for behavior and accountability. Standards specify the mandatory requirements that must be met to comply with the policies. They provide measurable criteria for systems and processes, ensuring consistency and security in the implementation of the policies. Guidelines offer recommendations or best practices for achieving the standards. While they are not mandatory, they serve as helpful advice for staff on how to approach certain situations or tasks in a secure manner. Procedures detail the specific steps that must be taken to implement the policies and standards in real-world scenarios. They create a clear actionable framework for employees, ensuring that security measures are executed effectively. In contrast, the other options include terms that either do not fully align with traditional frameworks in cybersecurity or combine concepts that might mislead the understanding of how various aspects of security management work together. By choosing this particular answer, one acknowledges the structured approach that organizations should adopt to safeguard their information assets effectively.