CISM Certified Information Security Manager – Question0039 - CISM Certified Information Security Manager

Which of the following are likely to be updated MOST frequently?

A. Procedures for hardening database servers
B. Standards for password length and complexity
C. Policies addressing information security governance
D. Standards for document retention and destruction

Correct Answer: A

Explanation:

Explanation:
Policies and standards should generally be more static and less subject to frequent change. Procedures on the other hand, especially with regard to the hardening of operating systems, will be subject to constant change; as operating systems change and evolve, the procedures for hardening will have to keep pace.