A cybersecurity analyst needs to create a document that provides employees with non-mandatory recommendations and best practices for securely configuring their home Wi-Fi networks for remote work. The document is intended to be advisory rather than a set of strict, enforceable rules. Which of the following governance documents should the analyst create?
A guideline is the most appropriate document type. Guidelines are non-mandatory and provide recommendations or best practices to help employees make informed decisions. Unlike policies and standards, which are mandatory, guidelines offer flexibility. An Acceptable Use Policy (AUP) is a formal policy dictating mandatory rules for using company resources. A password standard sets compulsory rules for password creation. A change management procedure provides required, step-by-step instructions for making changes to IT systems.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the difference between a guideline and a policy in security frameworks?
Open an interactive chat with Bash
Why is data retention considered a guideline in security governance?
Open an interactive chat with Bash
How do guidelines like data retention fit into overall security governance frameworks?