Security Policy — CISSP Practice Questions
A security policy is a formal, high-level statement of management intent that establishes the rules, obligations, and acceptable behaviors for protecting an organization's information assets. Within the CISSP framework, security policies sit at the top of a hierarchy that flows down through standards, guidelines, baselines, and procedures. The exam tests whether candidates understand that policies are driven by business objectives and legal requirements rather than technical specifics, and that they must be enforceable and communicated to all personnel. Questions often involve distinguishing policy from procedure or identifying the appropriate policy type, such as issue-specific, system-specific, or program-level policy.
Free questions on security policy
Which type of access control makes authorization decisions based on attributes of the subject, resource, and environment?
More security policy questions in the full bank
- What is information security governance?
- What is the purpose of a security policy?
- What is the primary function of a firewall?