Establishing a Security Policy | CISA Exam Preparation

Step in Establishing a Security Policy


Question

Which of the following is a step in establishing a security policy?

Answers

Explanations

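A. Developing platform-level security baselines
B. Developing configuration parameters for the network
C. Implementing a process for developing and maintaining the policy
D. Creating a RACI matrix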

C.

Establishing a security policy is an important step towards ensuring the security of an organization's information assets. The following are the steps in establishing a security policy:

A. Developing platform-level security baselines: The first step in establishing a security policy is to develop platform-level security baselines. This involves defining the minimum security requirements for the organization's IT infrastructure, including hardware, software, and operating systems. The baseline should include security controls such as firewalls, intrusion detection systems, antivirus software, and encryption tools.

B. Developing configuration parameters for the network: The next step is to develop configuration parameters for the network. This involves defining the rules and settings for the organization's network infrastructure, including access controls, security policies for servers and applications, and security protocols for wireless networks.

C. Implementing a process for developing and maintaining the policy: The third step is to implement a process for developing and maintaining the security policy. This involves defining the roles and responsibilities of the stakeholders involved in developing and maintaining the policy. It also involves defining the procedures for updating the policy to reflect changes in the organization's IT infrastructure and the threat landscape.

D. Creating a RACI matrix: The RACI matrix is a tool that is used to define the roles and responsibilities of the stakeholders involved in the security policy. RACI stands for Responsible, Accountable, Consulted, and Informed. The matrix helps to ensure that all stakeholders are aware of their responsibilities and that there is clear communication and coordination between them.

In conclusion, the correct answer to the question is C, implementing a process for developing and maintaining the policy. While the other options are important steps in establishing a security policy, they are not the first step or the most critical step. Developing and maintaining the security policy is essential to ensure that the organization's information assets are protected from cyber threats.