The Importance of Good Security Policies

C.

The most important characteristic of good security policies is that they be aligned with organizational goals.

Failure to align policies and goals significantly reduces the value provided by the policies.

Stating expectations of IT management omits addressing overall organizational goals and objectives.

Stating only one general security mandate is the next best option since policies should be clear; otherwise, policies may be confusing and difficult to understand.

Governing the creation of procedures and guidelines is most relevant to information security standards.

The correct answer is C: security policies should be aligned with organizational goals.

Security policies are an essential component of an organization's overall security framework. A security policy is a documented set of rules, procedures, and guidelines that dictate how an organization manages, protects, and distributes its information assets. Good security policies should address the organization's unique risks and objectives and be aligned with its overall goals.

A. Stating expectations of IT management is important, but it is not the most critical characteristic of good security policies. Policies should not be solely focused on IT management, but should also encompass all aspects of the organization's operations, including physical security, personnel security, and compliance with legal and regulatory requirements.

B. Stating only one general security mandate is not sufficient for a comprehensive security policy. A good security policy should include multiple mandates and cover all aspects of security relevant to the organization.

C. Aligning security policies with organizational goals is the most important characteristic of good security policies. Security policies should support the organization's overall objectives and business strategy. This ensures that security measures are implemented in a way that does not hinder the organization's ability to achieve its goals.

D. Governing the creation of procedures and guidelines is important, but it is not the most critical characteristic of good security policies. Policies should provide guidance on the development of procedures and guidelines, but they should also include the high-level principles and objectives that guide those procedures and guidelines.

In summary, good security policies should be aligned with organizational goals, comprehensive, and provide high-level guidance for the development of detailed procedures and guidelines.