Certified Information Security Manager (CISM) — Question 27
What is the BEST reason to keep information security policies separate from procedures?
Answer options
- A. To keep policies from having to be changed too frequently
- B. To ensure that individual documents do not contain conflicting information
- C. To keep policy documents from becoming too large
- D. To ensure policies receive the appropriate approvals
Correct answer: A
Explanation
The correct answer is A. Procedures change often, so keeping them in separate documents lets policies remain stable and avoids frequent policy revisions, which is crucial for consistency. Options B, C, and D are also important considerations, but they do not address the primary reason for separating policies from procedures, which is to maintain the integrity and longevity of the policies themselves.