A. Organizational standards are enforced by technical controls.

D is the answer. Came very close to A for me. But, not all policies are in a technical domain but still have to be enforced somehow and for that reason I am going with D.

The Correct answer is (A) Organizational standards are enforced by technical controls. This is because the keyword is "applies" and technical control applies them. Rationale (B) Organizational standards are included in awareness training is incorrect cause awareness bring attention, but not enforcement. (C) Organizational standards are required to be formally accepted is incorrect because just cause something is accepted doesn't mean it is acted upon. (D) Organizational standards are documented in operational procedures is incorrect because just cause something is written down doesn't mean it has been acted upon.

I think it is F

Only formal acceptance can provide best assurance.

When organizational standards (derived from security policies) are documented in operational procedures, it ensures that these standards are incorporated into the daily tasks and activities of the business. Operational procedures define how specific tasks should be carried out, and if these procedures are aligned with security policies, it provides a tangible and actionable way for employees to apply the policies in their daily work. This offers the best assurance that security policies are being applied consistently across business operations.

D is correct

security = technical controls mainly in the choices given

Echo Kunzle

all are good but provides maximum assurance

C. Organizational standards are required to be formally accepted.

A. Organizational standards are enforced by technical controls.

D. Organizational standards are documented in operational procedures.

about security, only B is included.