ABSTRACT
The correct answer is c because a published mission and functions statement is an element of a
central security program
. Each of the other answers is part of a
system-level security program
, as follows. Answer a, a system-specific security policy, documents the system security rules for operating or developing the system; answer b, life cycle management, helps to ensure that security is authorized by appropriate management and that changes to the system are made with attention to security; and answer d, appropriate integration with system operations, integrates effective security management into the management of the system to help ensure that the people who run the system security program understand the system, its mission, its technology, and its operating environment.
