Certified Authorization Professional – CAP – Question118

A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. Which of the following are required to be addressed in a well designed policy? Each correct answer represents a part of the solution. Choose all that apply.

A.
Who is expected to exploit the vulnerability?
B. What is being secured?
C. Where is the vulnerability, threat, or risk?
D. Who is expected to comply with the policy?

Correct Answer: BCD