SSCP Exam: Development of Security Policy, Standards, and Procedures

Development of Security Policy, Standards, and Procedures

Question

Which of the following are the steps usually followed in the development of documents such as security policy, standards and procedures?

Answers

Explanations

A. B. C. D.

C.

The common steps used in the development of security policy are initiation of the project, evaluation, development, approval, publication, implementation, and maintenance. The other choices listed are the phases of the software development life cycle and not the steps used to develop documents such as policies, standards, etc.

F.

& KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 3, 2002, Auerbach Publications.

The correct answer is C. initiation, evaluation, development, approval, publication, implementation, and maintenance.

When developing documents such as security policy, standards, and procedures, there are generally several steps that are followed. These steps are as follows:

  1. Initiation: This is the first step in the process, where the need for a document is identified. It may be initiated by an organization's leadership, regulatory requirements, or industry standards.

  2. Evaluation: The second step is to evaluate the existing policies, standards, and procedures that are in place. This is done to identify any gaps or areas that need improvement.

  3. Development: Once the need has been established, and the gaps have been identified, the actual development of the document can begin. This step involves writing and drafting the policies, standards, or procedures.

  4. Approval: After the document has been developed, it needs to be reviewed and approved by relevant stakeholders, such as senior management, legal, and compliance. This ensures that the document aligns with the organization's goals, mission, and values.

  5. Publication: Once the document has been approved, it needs to be published and communicated to all relevant stakeholders. This includes employees, partners, customers, and other external stakeholders.

  6. Implementation: The next step is to implement the document within the organization. This may involve training employees, updating systems and processes, and ensuring that everyone understands their roles and responsibilities.

  7. Maintenance: Finally, the document needs to be reviewed and updated regularly to ensure that it remains relevant and effective. This includes making updates based on changes to the organization, industry, or regulatory requirements.

Therefore, the correct answer is C, as it includes all of these steps in the correct order. Option A is incorrect because it includes coding and testing, which are not typically required for developing documents such as security policies, standards, and procedures. Option B is incorrect because it misses the initiation and maintenance steps. Option D is incorrect because it includes feasibility and integration, which are not typically part of the document development process.