A security manager is reviewing a set of documents: an organizational security policy, a standard for encryption, a guideline for remote access, and a procedure for incident response. Which document is at the highest level in the policy hierarchy?
Policy is the top-level document.
Why this answer
In the policy hierarchy, policy is the highest-level document, setting overarching direction. Standards, guidelines, and procedures are subordinate.