Many guidelines can be used to identify the areas that security policies should cover.
In which four areas is coverage most important? (Choose four.)
Click on the arrows to vote for the correct answerA. B. C. D. E. F.
The four areas where security policies should have the most important coverage are:
A. Physical: Security policies should address the physical security of the premises, including the protection of buildings, servers, and other assets from unauthorized access, theft, and damage. Physical security policies should also cover the security of data centers, wiring closets, and other critical infrastructure.
B. Host: Security policies should address the security of hosts, including servers, desktops, laptops, and mobile devices. This includes ensuring that all systems are properly configured, that patches and updates are applied in a timely manner, and that anti-virus software is installed and up to date.
C. User: Security policies should address the behavior of users, including policies for creating strong passwords, rules for accessing sensitive data, and guidelines for social engineering attacks. User policies should also address the handling of sensitive data, including data classification, encryption, and retention.
D. Document: Security policies should address the protection of sensitive documents and data. This includes policies for access control, data classification, and document retention. Document policies should also address the secure disposal of documents and media.
E. Incident handling and response: Security policies should address the procedures for handling security incidents, including the reporting and escalation of incidents, the investigation of incidents, and the steps necessary to contain and mitigate the impact of incidents.
F. Security awareness training: Security policies should address the need for security awareness training for all employees. This includes training on the risks of social engineering attacks, the importance of password security, and the proper handling of sensitive data.
In summary, the four areas where security policies should have the most important coverage are physical security, host security, user behavior, and document protection. Additionally, incident handling and response procedures and security awareness training for employees are also critical components of a comprehensive security policy.