Which of the following BEST conveys minimum information security requirements to an organization in alignment with policies?
Standards are the best option for conveying minimum information security requirements to an organization in alignment with policies. They provide established requirements regarding processes, actions, and configurations that must be followed to ensure security. These standards are typically created by recognized authorities and are used to guide the organization in implementing security policies and controls effectively. While baselines, procedures, and regulations are also important in an organization's security program, standards specifically outline the mandatory requirements that must be met to comply with broader security policies.
BASELINE = MINIMUM STANDARD!
Standards convey minimum information security requirements to an organization in alignment with policies. Standards are a set of guidelines, protocols, and best practices that an organization must adhere to in order to meet a certain level of security. They are established by a recognized authority and can be mandatory or voluntary. Standards provide a framework for an organization to develop and implement their own security policies, procedures, and controls. Baselines, regulations, and procedures are also important components of an organization's security program, but standards provide the minimum requirements that must be met.
From ISACA there are the following: policy, control objectives, standards, guidelines, and procedures. This eliminates B and C. Standards are defined as established requirements in regard to processes, actions & configurations, also called baselines. Answer is D.
D. Standards is the correct answer. Standards always align with policy while Baselines are related to configurations and they are used to support the standard policies.
This is used as a specification to follow when applying policies and may dictate mandatory requirements. https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2020/differentiating-key-terms-in-the-information-security-hierarchy
According to the NIST definition, Security Control Baseline means the set of minimum security controls defined for a low-impact, moderate-impact, or high-impact information system.
Minimum requirements are standards.
Option D
"in alignment with policies" is the key part that finally points you to answer D.
I go with C. Baselines. A baseline is a minimum level of security that a system, network, or device must adhere to. Baselines are usually mapped to industry standards. As an example, an organization might specify that all computer systems comply with a minimum Trusted Computer System Evaluation Criteria (TCSEC) C2 standard. TCSEC standards are discussed in detail in Chapter 5, "System Architecture and Models."
D. Standards
The BEST option that conveys minimum information security requirements to an organization in alignment with policies is Standards.