CISM Certified Information Security Manager – Question0064

Data owners must provide a safe and secure environment to ensure confidentiality, integrity and availability of the transaction. This is an example of an information security:

A.
baseline.
B. strategy.
C. procedure.
D. policy.

Correct Answer: D

Explanation:

Explanation:
A policy is a high-level statement of an organization’s beliefs, goals, roles and objectives. Baselines assume a minimum security level throughout an organization. The information security strategy aligns the information security program with business objectives rather than making control statements. A procedure is a step-by-step process of how policy and standards will be implemented.