GIAC Security Leadership Certification (GSLC) — Question 17

Which of the following would fall under the Principles category of the Policy Pyramid?

Answer options

• A. Every employee must attend annual security awareness training
• B. Encryption must be enabled on systems that support it
• C. Password complexity is an important part of securing our data
• D. Protect customer information as if it were our own

Correct answer: C

Explanation

The correct answer, C, reflects a fundamental belief about data security that guides behavior, fitting the Principles category. Options A and B are more specific rules or requirements, while D, although important, focuses on actions rather than guiding principles.