Certified Information Security Manager (CISM) — Question 267

Which of the following is the MOST appropriate resource to determine whether or not a particular solution should utilize encryption based on its location and data classification?

Answer options

• A. Guidelines
• B. Procedures
• C. Standards
• D. Policies

Correct answer: C

Explanation

Standards provide established criteria for implementing security measures, such as encryption, based on data classification and location. Guidelines and procedures offer direction and steps, while policies define overall intentions but may not detail specific requirements for encryption.