Certified Information Systems Security Professional (CISSP) — Question 464

What is the MOST appropriate hierarchy of documents when implementing a security program?

Answer options

• A. Policy, organization principle, standard, guideline
• B. Standard, policy, organization principle, guideline
• C. Organization principle, policy, standard, guideline
• D. Organization principle, guideline, policy, standard

Correct answer: C

Explanation

The correct answer is C, as it accurately reflects the logical structure where the organization principle sets the foundation, followed by the policy that governs actions, then standards that provide specific requirements, and finally guidelines that offer recommendations. Options A, B, and D do not follow this logical order, which is crucial for effective security program implementation.