Chapter 3

Security Policies and Standards


3.01     Introduction to Security Policies

3.02     General Security Policies

3.03     Human Resources Policies

3.04     User Education and Awareness


Security policies provide the framework from which all types of users learn the proper procedures in using computing devices and accessing data. Management support is crucial to ensure the security policies are understood and enforced. User awareness and training provide users with this knowledge, and metrics must be gathered to determine how effective the training is, such as through testing.

1.   The primary purpose of security policies is to:

A.   Establish legal grounds for prosecution.

B.   Improve IT service performance. ...

Get CompTIA Security+ Certification Practice Exams, Third Edition (Exam SY0-501), 3rd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.