CISA Domain 5 Practice Exam

Question: 1 / 400

What describes the relationship between a corporate information security policy and security standards?

The standards dictate the policy

The policy is based on the standards

The standards follow the policy

The correct choice accurately highlights the dynamic between a corporate information security policy and security standards. In a corporate environment, the information security policy sets the overarching framework and principles for managing and protecting information assets. It outlines the organization's commitments to safeguarding data, defining roles and responsibilities, and establishing the scope of security practices.

Security standards, on the other hand, provide specific, detailed guidelines and requirements that support the implementation of the policy. These standards help operationalize the policy by translating its high-level directives into actionable measures and protocols. As such, standards are indeed developed under the guidance of the policies, ensuring that they align with the organization's overall security posture.

With this relationship, the standards act as a bridge that allows the organization to practically apply the principles set forth in the policy. Through adherence to these standards, the organization can work to meet the objectives of the policy effectively, ensuring compliance and consistency in security practices across the corporate environment.

The policy and standards are unrelated
