Minimum Level of Security Acceptable for an Environment | SSCP Exam | ISC

Minimum Level of Security Acceptable for an Environment


Question

Within the context of the CBK, which of the following provides a MINIMUM level of security ACCEPTABLE for an environment?

Answers

Explanations


A. B. C. D.

A.

Baselines provide the minimum level of security necessary throughout the organization.

Standards specify how hardware and software products should be used throughout the organization.

Procedures are detailed step-by-step instructions on how to achieve certain tasks.

Guidelines are recommended actions and operational guides to personnel when a specific standard does not apply.

Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 3: Security Management Practices (page 94).

The Common Body of Knowledge (CBK) is a framework of information security topics and concepts used as a foundation for many security certifications. When it comes to ensuring security within an environment, there are different levels of security that can be established.

A baseline is a minimum level of security that is acceptable within an environment. It is a starting point for security measures that can be implemented, and it sets the minimum requirements that must be met. Baselines are established to ensure that a basic level of security is met in an environment, and they can be used as a point of comparison for future security assessments.

A standard is a more detailed set of security measures that provide a specific level of security that must be met. Standards are more specific than baselines and provide more detailed guidance on what needs to be done to ensure security. They can be industry-specific or developed internally by an organization.

A procedure is a set of instructions that detail how a specific task should be completed. Procedures are typically used to guide employees on how to perform a task in a standardized way. They can include security procedures, such as how to respond to a security incident.

A guideline is a set of recommendations or best practices for a particular topic. Guidelines provide a high-level view of how security should be implemented, but they are not as detailed as baselines or standards.

In the context of the CBK, a baseline provides the minimum level of security that is acceptable for an environment. Therefore, the answer is A.