A security administrator is creating a document that provides non-mandatory recommendations and best practices for employees on how to securely handle sensitive company data. Which of the following control documents is the administrator creating?
The correct answer is a guideline. A security guideline is a document that provides recommendations and best practices; it is not mandatory. In contrast, a policy is a high-level statement of intent from management that is mandatory. A standard is a mandatory rule that supports a policy, often specifying technologies or configurations. A procedure is a detailed, step-by-step set of instructions for performing a specific task, which is also mandatory.