- 论坛徽章:
- 0
|
|
1. As a security professional, you are asked to put a \"living documents\" into place for the organization that will help the security department (with the help of upper management) to enforce certain aspects of security in that organization. What is this \"living document\" called? \r\nA. Orange Book \r\nB. Security Policy \r\nC. Rainbow series \r\nD. Red Book\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\nAnswer B.\r\nExplanation: In business, a security policy is a document that states in writing how a company plans to protect the company\'s physical and information technology (IT) assets. A security policy is often considered a \"living document\", meaning that the document is never finished, but is continuously updated as technology and employee requirements change. A company\'s security policy may include an acceptable use policy, a description of how the company plans to educate its employees about protecting the company\'s assets, an explanation of how security measurements will be carried out and enforced, and a procedure for evaluating the effectiveness of the security policy to ensure that necessary corrections will be made. \r\n |
|
免费注册
发表于 2002-08-02 00:08