A mandatory requirement, code of practice or specification approved by a recognized external standards organization.

Multiple Choice

Explanation:
Standards are formal, mandatory requirements or specifications that are approved by a recognized external standards organization. They provide a baseline that organizations implement to ensure consistency, security, and interoperability across systems and processes. A policy, by contrast, is an internal directive expressing management intent and high-level requirements; it isn’t necessarily created or approved by an external body. A procedure translates those policies into concrete steps to be followed, focusing on how to implement the policy. A threat is a potential harmful event considered in risk assessment, not a normative document. The description matches a standard because it emphasizes a mandatory requirement or specification that has external approval. Examples like ISO/IEC 27001 or PCI DSS illustrate standards used to meet recognized external expectations.
