Certified Information Security Manager (CISM) — Question 618

The security baselines of an organization should be based on:

Answer options

• A. procedures.
• B. standards.
• C. policies.
• D. guidelines.

Correct answer: B

Explanation

The correct answer is B, as security baselines are typically established based on standards that define the minimum security requirements. Procedures, policies, and guidelines may support the implementation of these standards, but they do not serve as the foundational basis for security baselines.