Valid SSCP Dumps shared by EduDump.com for Helping Passing SSCP Exam! EduDump.com now offer the newest SSCP exam dumps, the EduDump.com SSCP exam questions have been updated and answers have been corrected get the newest EduDump.com SSCP dumps with Test Engine here:
What is the main purpose of Corporate Security Policy?
Correct Answer: B
A Corporate Security Policy is a high level document that indicates what are management`s intentions in regard to Information Security within the organization. It is high level in purpose, it does not give you details about specific products that would be use, specific steps, etc.. The organization's requirements for access control should be defined and documented in its security policies. Access rules and rights for each user or group of users should be clearly stated in an access policy statement. The access control policy should minimally consider: Statements of general security principles and their applicability to the organization Security requirements of individual enterprise applications, systems, and services Consistency between the access control and information classification policies of different systems and networks Contractual obligations or regulatory compliance regarding protection of assets Standards defining user access profiles for organizational roles Details regarding the management of the access control system As a Certified Information System Security Professional (CISSP) you would be involved directly in the drafting and coordination of security policies, standards and supporting guidelines, procedures, and baselines. Guidance provided by the CISSP for technical security issues, and emerging threats are considered for the adoption of new policies. Activities such as interpretation of government regulations and industry trends and analysis of vendor solutions to include in the security architecture that advances the security of the organization are performed by the CISSP as well. The following are incorrect answers: To transfer the responsibility for the information security to all users of the organization is bogus. You CANNOT transfer responsibility, you can only tranfer authority. Responsibility will also sit with upper management. The keyworks ALL and USERS is also an indication that it is the wrong choice. To provide detailed steps for performing specific actions is also a bogus detractor. A step by step document is referred to as a procedure. It details how to accomplish a specific task. To provide a common framework for all development activities is also an invalid choice. Security Policies are not restricted only to development activities.