Question 55
You are mentoring a junior CISO. They ask about the difference between policies and procedures. What do you tell them?
A. Procedures are general guidance, while policies are detailed steps
B. Policies are strategic rules; procedures are operational instructions
C. Policies are reviewed annually; procedures are not
D. Procedures are approved by executives; policies are informal
Answer: B. Policies are strategic rules; procedures are operational instructions
Policies define what must be done, while procedures describe how to do it.