SSCP Exam Preparation | Control Requirement Satisfaction | Step-by-Step Instructions

Step-by-Step Instructions for Control Requirement Satisfaction


Question

Step-by-step instructions used to satisfy control requirements is called a:

Answers

Explanations


A. B. C. D.

D.

Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.

The correct answer is D. Procedure.

Policies, standards, guidelines, and procedures are all important components of an organization's information security management system. However, each of these terms refers to a different type of document.

A policy is a high-level statement that defines an organization's goals and objectives for information security. Policies are typically written in broad, non-specific language and do not provide detailed instructions on how to achieve compliance.

A standard, on the other hand, is a specific, detailed requirement that must be met in order to achieve compliance with a particular policy. Standards are more detailed than policies and spell out what must be done to achieve compliance.

Guidelines are less specific than standards, and are generally used to provide recommendations and best practices for achieving compliance with policies and standards. Guidelines may include general principles, best practices, and other recommendations that can help organizations meet their information security goals.

Finally, procedures are step-by-step instructions that are used to implement policies, standards, and guidelines. Procedures are the most detailed type of document and provide specific instructions on how to perform specific tasks or achieve specific goals.

In summary, policies define an organization's goals and objectives for information security, standards provide detailed requirements for achieving compliance, guidelines provide recommendations and best practices, and procedures provide step-by-step instructions for implementing policies, standards, and guidelines.