Correct Answer: D
Explanation/Reference:
Explanation:
Procedures are detailed step-by-step tasks that should be performed to achieve a certain goal. The steps can apply to users, IT staff, operations staff, security members, and others who may need to carry out specific tasks. Many organizations have written procedures on how to install operating systems, configure security mechanisms, implement access control lists, set up new user accounts, assign computer privileges, audit activities, destroy material, report incidents, and much more.
Procedures are considered the lowest level in the documentation chain because they are closest to the computers and users (compared to policies) and provide detailed steps for configuration and installation issues.
Procedures spell out how the policy, standards, and guidelines will actually be implemented in an operating environment.
Incorrect Answers:
A: A policy is defined as a high-level document that outlines senior management's security directives. This is not what is described in the question.
B: Standards are compulsory rules indicating how hardware and software should be implemented, used, and maintained. This is not what is described in the question.
C: Guidelines are recommended actions and operational guides for users, IT staff, operations staff, and others when a specific standard does not apply. This is not what is described in the question.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 106-107