Which of the following is MOST likely to be discretionary?
Click on the arrows to vote for the correct answer
A. B. C. D.C.
Policies define security goals and expectations for an organization.
These are defined in more specific terms within standards and procedures.
Standards establish what is to be done while procedures describe how it is to be done.
Guidelines provide recommendations that business management must consider in developing practices within their areas of control; as such, they are discretionary.
In the context of information security, discretionary refers to decisions or actions that are left up to the discretion of an individual or group, rather than being mandated or enforced by a higher authority.
Out of the options given, the item that is most likely to be discretionary is Guidelines.
Policies, Procedures, and Standards are typically more prescriptive and less flexible. Policies are high-level statements that provide direction and guidance for the organization. Procedures are step-by-step instructions for carrying out specific tasks or processes. Standards are specific requirements or specifications that must be met.
Guidelines, on the other hand, are more flexible and provide suggested actions or approaches, rather than strict rules or requirements. They are often used to encourage best practices, provide examples of effective strategies, or suggest possible solutions to a problem. Guidelines may be helpful in guiding decisions or actions, but they are not typically enforced as strictly as policies, procedures, or standards.
Therefore, out of the options given, Guidelines are most likely to be discretionary.