A company Chief Information Officer (CIO) is unsure which set of standards should govern the company’s IT policy. The CIO has hired consultants to develop use cases to test against various government and industry security standards. The CIO is convinced that there is large overlap between the configuration checks and security controls governing each set of standards. Which of the following selections represent the BEST option for the CIO?

A company Chief Information Officer (CIO) is unsure which set of standards should govern the company’s IT policy. The CIO has hired consultants to develop use cases to test against various government and industry security standards. The CIO is convinced that there is large overlap between the configuration checks and security controls governing each set of standards. Which of the following selections represent the BEST option for the CIO?
A . Issue a RFQ for vendors to quote a complete vulnerability and risk management solution to the company.
B . Issue a policy that requires only the most stringent security standards be implemented throughout the company.
C . Issue a policy specifying best practice security standards and a baseline to be implemented across the company.
D . Issue a RFI for vendors to determine which set of security standards is best for the company.

View Answer

Answer: C