Certified Secure Software Lifecycle Professional (CSSLP) — Question 51
A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. Which of the following are required to be addressed in a well designed policy? Each correct answer represents a part of the solution. Choose all that apply.
Answer options
- A. What is being secured?
- B. Where is the vulnerability, threat, or risk?
- C. Who is expected to exploit the vulnerability?
- D. Who is expected to comply with the policy?
Correct answer: A, B, D
Explanation
The correct answers A, B, and D are essential elements in a well-designed security policy. They identify the assets to be protected, the locations of potential threats or vulnerabilities, and the individuals responsible for adhering to the policy. Option C is not necessary for the policy's effectiveness, as it focuses on potential attackers rather than the organization's security framework.