A security manager is establishing a formal security program. The manager needs to create a high-level document that defines the organization's security goals and mandates the creation of more detailed documents, such as a Disaster Recovery Plan and an Incident Response Plan. Which of the following governance documents should the manager create FIRST to serve this purpose?
An Information Security Policy (ISP) is the foundational, high-level document in a security governance structure. It outlines an organization's overall security posture, objectives, and responsibilities. The ISP serves as the authority that mandates the creation and implementation of other, more specific policies, standards, and plans, including the Incident Response Plan and Disaster Recovery Plan. The other options are all specific plans or policies that are typically created under the guidance and authority of the main Information Security Policy.