Systems Security Certified Practitioner – SSCP – Question0381 - Systems Security Certified Practitioner

An effective information security policy should not have which of the following characteristic?

A. Include separation of duties
B. Be designed with a short-to mid-term focus
C. Be understandable and supported by all stakeholders
D. Specify areas of responsibility and authority

Correct Answer: B

Explanation:

An effective information security policy should be designed with a long-term focus. All other characteristics apply. Source: ALLEN, Julia H., The CERT Guide to System and Network Security Practices, Addison-Wesley, 2001, Appendix B, Practice-Level Policy Considerations (page 397).