According to ISO/IEC 27000, which of the following terms refers to the intentions and direction of an organization, as formally expressed by its top management?
A. Procedure
B. Guideline
C. Policy

Answer: C

Explanation:

According to ISO/IEC 27000, a policy refers to the intentions and direction of an organization as formally expressed by its top management. Policies set the foundation for how an organization operates and ensure that strategic objectives are met.

Detailed Explanation

Policy:

Definition: A high-level document that outlines the principles, rules, and guidelines formulated by an organization’s top management.

Purpose: To provide direction and intent regarding various aspects of the organization’s operations, including cybersecurity.

Characteristics: Policies are typically broad, strategic, and reflect the organization’s objectives and commitments.

Cybersecurity Reference: ISO/IEC 27000 Series: This series of standards provides guidelines for information security management systems (ISMS). According to ISO/IEC 27000:2018, a policy is defined as the "intentions and direction of an organization as formally expressed by its top management."

ISO/IEC 27001: This standard specifically requires the establishment of an information security policy to direct the ISMS.

By defining a clear policy, an organization like EuroTech Solutions can ensure that its cybersecurity measures align with its strategic goals and regulatory requirements.
