An information security ________ is a specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls, including information security policies, security education, and training.
A) plan
B) framework
C) model
D) policy

Question

An information security ________ is a specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls, including information security policies, security education, and training.
A) plan
B) framework 
C) model
D) policy

Quizplus · Accepted Answer

A framework is a comprehensive set of guidelines that provide direction and support for developing, implementing, and maintaining information security policy, controls, and procedures over time. It provides an essential structure for guiding decisions and actions based on risk assessments, regulatory compliance, and industry-standard best practices. The framework also ensures the consistency of the security program, improves communication among stakeholders, and helps avoid gaps and overlaps in security control implementation. Therefore, a security framework is the best fit for this definition.

An Information Security ________ Is a Specification of a Model