CompTIA Security+ (SY0-701) — Question 540

An organization is developing a security program that conveys the responsibilities associated with the general operation of systems and software within the organization. Which of the following documents would most likely communicate these expectations?

Answer options

• A. Business continuity plan
• B. Change management procedure
• C. Acceptable use policy
• D. Software development life cycle policy

Correct answer: C

Explanation

The Acceptable Use Policy (AUP) is designed to define the expected behavior of users when interacting with organizational systems and software, thus conveying responsibilities. In contrast, a Business Continuity Plan focuses on maintaining operations during disruptions, Change Management Procedures deal with alterations in systems, and Software Development Life Cycle Policies outline the stages of software development rather than user responsibilities.