Certified Information Security Manager (CISM) — Question 18
An information security manager wants to document requirements detailing the minimum security controls required for user workstations. Which of the following resources would be MOST appropriate for this purpose?
Answer options
- A. Policies
- B. Standards
- C. Procedures
- D. Guidelines
Correct answer: B
Explanation
The correct answer is B, as standards provide specific requirements or rules that must be adhered to, making them ideal for detailing minimum security controls. Policies are broader in scope, while procedures outline how to implement measures, and guidelines offer recommendations rather than mandatory controls.