Question 55
Main Page
You are mentoring a junior CISO. They ask about the difference between policies and procedures. What do you tell them?
A. Procedures are general guidance, while policies are detailed steps
B. Policies are strategic rules; procedures are operational instructions
C. Policies are reviewed annually; procedures are not
D. Procedures are approved by executives; policies are informal