CISM - Information Security Program - Section 3.4

Develop and maintain information security policies, procedures and guidelines that govern programme activities.

Develop and maintain a policy hierarchy that includes a security policy, supporting standards, and guidelines, with an acceptable use policy governing personnel behaviour. Distinguish between mandatory policy and standards versus advisory guidelines, and recognise the circumstances that trigger a policy review.

Security policy | Acceptable use policy | Policy hierarchy | Standards vs guidelines


Examworthy is not affiliated with or endorsed by ISACA. Original, blueprint-aligned practice material only.