A security manager is establishing a formal security program. The manager needs to create a high-level document that defines the organization's security goals and mandates the creation of more detailed documents, such as a Disaster Recovery Plan and an Incident Response Plan. Which of the following governance documents should the manager create FIRST to serve this purpose?
An Information Security Policy (ISP) is the foundational, high-level document in a security governance structure. It outlines an organization's overall security posture, objectives, and responsibilities. The ISP serves as the authority that mandates the creation and implementation of other, more specific policies, standards, and plans, including the Incident Response Plan and Disaster Recovery Plan. The other options are all specific plans or policies that are typically created under the guidance and authority of the main Information Security Policy.