Domain 5/Objective 5.3 Organizational Policies

A company wants to ensure that all changes to its IT infrastructure are documented and approved. Which policy supports this objective?

An organization is implementing a policy to ensure that employees with access to sensitive data undergo regular background checks. Which policy is being enforced?

An organization is concerned about the potential leakage of sensitive information due to employees leaving printed documents on their desks. Which policy would address this concern?

A company is about to engage in a new business partnership, and both parties want to establish mutual expectations. Which legal document is most suitable for this purpose?

A company is implementing measures to assess and manage risks associated with third-party vendors. Which category of policies should the organization focus on?

An organization wants to enhance user training by creating an interactive learning environment. Which training technique involves using simulated cyber-attacks to assess and improve the participants' security awareness?

An organization wants to ensure that only authorized personnel have access to specific resources based on their job roles. Which policy aligns with this objective?

An organization is implementing measures to ensure that confidential information shared with third parties is kept confidential. Which policy would address this concern?

A company is preparing to decommission outdated IT equipment and wants to establish guidelines for the secure disposal of hardware. Which policy should be implemented?

An organization is implementing a policy to categorize data based on sensitivity and importance. Which policy is being enforced?