CISM Certified Information Security Manager – Question 1090

Documented standards/procedures for the use of cryptography across the enterprise should PRIMARILY:

A. define the circumstances where cryptography should be used.
B. define cryptographic algorithms and key lengths.
C. describe handling procedures of cryptographic keys.
D. establish the use of cryptographic solutions.

Correct Answer: A

Explanation:

There should be documented standards/procedures for the use of cryptography across the enterprise; they should define the circumstances where cryptography should be used. They should cover the selection of cryptographic algorithms and key lengths, but not define them precisely, and they should address the handling of cryptographic keys. However, this is secondary to how and when cryptography should be used. The use of cryptographic solutions should be addressed but, again, this is a secondary consideration.