Secure Software Lifecycle Professional – CSSLP – Question070

A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. Which of the following are required to be addressed in a well-designed policy? Each correct answer represents a part of the solution. Choose all that apply.

A. What is being secured?
B. Where is the vulnerability, threat, or risk?
C. Who is expected to exploit the vulnerability?
D. Who is expected to comply with the policy?

Correct Answer: ABD

Explanation:

A security policy is an overall general statement produced by senior management (or a selected policy board or committee) that dictates what role security plays within the organization. A well-designed policy addresses the following: What is being secured? – Typically an asset. Who is expected to comply with the policy? – Typically employees. Where is the vulnerability, threat, or risk? – Typically an issue of integrity or responsibility.