Which of the following best describes the primary purpose of a security policy?
To specify encryption standards for data at rest and in transit
To detail specific incident response procedures
To define access control lists for network resources
To provide a high-level framework for an organization's approach to security