What is a security policy?

• A. A method for data encryption
• B. A set of rules and practices for IT asset protection
• C. A software application for monitoring security
• D. A temporary measure for system security

Answer: (B)

A security policy serves as a comprehensive framework that outlines the rules and practices designed to protect an organization's information technology assets. It defines how an organization manages, protects, and distributes sensitive information, ensuring that all employees are aware of their responsibilities regarding security measures. This can include guidelines on data encryption, access control, incident response, and compliance with legal and regulatory standards.

By providing clear expectations and procedures, a security policy helps to mitigate risks and safeguard against threats to the organization's information systems and data. It is a vital document that not only enhances security awareness among staff but also lays the groundwork for a robust security posture within the organization.