Factors Seldom Changed in Response to Technological Changes

C.

Policies are high-level statements of objectives.

Because of their high-level nature and statement of broad operating principles, they are less subject to periodic change.

Security standards and procedures as well as guidelines must be revised and updated based on the impact of technology changes.

The correct answer to this question is C. Policies.

Policies are high-level statements that provide a framework for decision-making and guide an organization's overall approach to security. They typically outline the organization's goals, objectives, and expectations regarding information security. Policies are usually less detailed than procedures and guidelines, and they are intended to be stable over time.

Policies are often created in response to legal, regulatory, or other external requirements, and they are designed to reflect the organization's overall security posture. As such, policies are seldom changed in response to technological changes because they are not intended to be prescriptive or technical in nature.

On the other hand, procedures and guidelines are more specific and detailed than policies, and they provide step-by-step instructions for implementing security controls. These documents are often updated in response to changes in technology, threats, or other factors that affect the organization's security posture. Standards are also more technical in nature than policies, and they define specific requirements for security controls, but they may be updated in response to changes in technology or industry best practices.

In summary, policies are high-level statements that provide a stable framework for decision-making and guide an organization's overall approach to security. While procedures, guidelines, and standards are more specific and may be updated in response to technological changes, policies are seldom changed in response to such changes.