Which of the following statements BEST describes policy? 

Answer options:

A. A minimum threshold of information security controls that must be implemented
B. A checklist of steps that must be completed to ensure information security
C. An overall statement of information security scope and direction
D. A technology-dependent statement of best practices

C

A policy is an executive mandate which helps in identifying a topic that contains particular risks to avoid or prevent. Policies are high-level documents signed by a person of high authority with the power to force cooperation. The policy is a simple document stating that a particular high-level control objective is important to the organization`s success. Policies are usually only one page in length. The authority of the person mandating a policy will determine the scope of implementation. Hence in other words, policy is an overall statement of information security scope and direction. Incorrect Answers: A, B, D: These are not the valid definitions of the policy.