(ISC)2 Certified in Cybersecurity Practice Exam

What policy focuses on password security practices to ensure safe access to sensitive information?

• A. Data Handling Policies
• B. Password Policies
• C. Access Control Policies
• D. Security Audit Policies

The correct answer is: Password Policies

The focus of password security practices falls squarely under password policies. These policies are designed to establish rules and guidelines for creating, managing, and storing passwords securely to protect sensitive information. By specifying parameters such as minimum password length, complexity requirements (like the inclusion of upper and lower case letters, numbers, and special characters), and guidelines for regular password changes, password policies help mitigate the risks associated with weak or easily guessable passwords. Furthermore, effective password policies often include recommendations for the use of password managers, guidance on avoiding password reuse, and instructions for recognizing and reporting potential phishing attempts that aim to compromise credentials. The explicit emphasis on password management and user behaviors to enhance security is what firmly places such policies as vital components of a broader cybersecurity strategy aimed at protecting sensitive data. In contrast, data handling policies primarily address the procedures for managing and protecting data throughout its lifecycle, access control policies focus on who is authorized to access specific data and systems, and security audit policies concern the evaluation of security measures and compliance with regulations and standards. While these policies may overlap in terms of overall security, they do not specifically concentrate on password management practices.