Certified Information Systems Security Professional (CISSP) — Question 108

What is the FIRST step for an organization to take before allowing personnel to access social media from a corporate device or user account?

Answer options

• A. Publish an acceptable usage policy.
• B. Publish a social media guidelines document.
• C. Deliver security awareness training.
• D. Document a procedure for accessing social media sites.

Correct answer: A

Explanation

The correct answer is to publish an acceptable usage policy, as it establishes clear rules and expectations for social media use within the organization. While social media guidelines and security training are important, they should follow the establishment of a policy that outlines permissible behaviors. Documenting access procedures is also necessary but comes after setting up the overarching policy.