An organization recently established a high-level policy requiring all company data to be classified and handled according to its sensitivity. A security architect is now tasked with creating a document that offers helpful, non-mandatory suggestions and best practices for employees on how to manage data in their day-to-day work, such as providing examples of how to label emails. Which type of security program documentation should the architect create?
The correct answer is a guideline. Guidelines provide non-mandatory recommendations, advice, and best practices that help staff adhere to policies without being strictly enforceable. In this scenario, the document is for helpful suggestions, not mandatory rules. Policies are high-level management directives. Standards are mandatory requirements that support policies. Procedures are detailed, step-by-step mandatory instructions for specific tasks.