Security Documentation
Unlock the complete study guide + 1,040 practice questions across 16 full exams.
Bundled into the existing Certified Information Systems Security Professional premium course — no separate purchase.
Included in this chapter:
- The documentation hierarchy: one model for five document types
- Each document type defined, with its tell
- Why altitude and force are separate axes
- Exam-pattern recognition: classify the document, pick the right move
The five security-documentation types: altitude, force, and example
| Document type | Mandatory? | Altitude / answers | Typical content example |
|---|---|---|---|
| Policy | Mandatory | Highest; the "what" and "why" (management intent, technology-neutral) | "All portable devices storing company data must be encrypted." |
| Standard | Mandatory | Specific requirement; the named "with what" | "Use AES-256 full-disk encryption with a centrally escrowed key." |
| Baseline | Mandatory | Minimum acceptable configuration; the "at least this" | "Every server must meet the CIS Level 1 hardening benchmark." |
| Procedure | Mandatory | Exact ordered steps; the "how, step by step" | "Steps 1-11 to enable and verify disk encryption on a new laptop." |
| Guideline | Discretionary | Recommendation; the optional "how you might" | "You should consider rotating recovery keys each quarter." |
Decision tree
Cheat sheet
Unlock with Premium — includes all practice exams and the complete study guide.