A company's change management procedure requires that any modifications to the IT infrastructure undergo a review process. Before final approval, which document should primarily guide the decision on whether the change is in line with organizational security policies and standards?
The Information Security Policies document should guide the decision-making process as it outlines the organization's overarching rules, expectations, and practices related to maintaining information security. It provides a framework for ensuring that changes comply with the standards necessary to protect the company's information assets. The Acceptable Use Policy (AUP) mainly concerns how individuals are permitted to use company resources. The Software Development Lifecycle (SDLC) policy is generally specific to the creation of software rather than change management. Meanwhile, the Business Continuity Plan (BCP) is designed to guide operations post-disruption and is not primarily used for decision-making in change management.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are Information Security Policies and why are they important?
Open an interactive chat with Bash
Can you explain the difference between an Acceptable Use Policy (AUP) and Information Security Policies?
Open an interactive chat with Bash
What role does a Software Development Lifecycle (SDLC) document play in IT changes?