A mid-level company is rewriting its security policies and has halted progress on the rewrite because the company’s executives believe that its major vendors, who have cultivated strong personal and professional relationships with the senior-level staff, have a good handle on compliance and regulatory standards. Therefore, the executive-level managers are allowing vendors to play a large role in writing the policy. Having experienced this type of environment in previous positions, and being aware that vendors may not always put the company’s interests first, the IT Director decides that while vendor support is important, it is critical that the company writes the policy objectively.
Which of the following is the recommendation the IT Director should present to senior staff?
A. 1) Consult legal, moral, and ethical standards;
2) Draft General Organizational Policy;
3) Specify Functional Implementing Policies;
4) Allow vendors to review and participate in the establishment of focused compliance standards, plans, and procedures
B. 1) Consult legal and regulatory requirements;
2) Draft General Organizational Policy;
3) Specify Functional Implementing Policies;
4) Establish necessary standards, procedures, baselines, and guidelines
C. 1) Draft General Organizational Policy;
2) Establish necessary standards and compliance documentation;
3) Consult legal and industry security experts;
4) Determine acceptable tolerance guidelines
D. 1) Draft a Specific Company Policy Plan;
2) Consult with vendors to review and collaborate with executives;
3) Add industry compliance where needed;
4) Specify Functional Implementing Policies
Answer: B