? Match the following:

A. Specifies the subjects and objects that users or groups can access.
B. A clear declaration that outlines the scope and applicability of a policy.
C. When issues are addressed by moving from the general to the specific, always starting with policy.
D. Organizational policies that often function as standards or procedures to be used when configuring or maintaining systems.
E. Step-by-step instructions designed to assist employees in following policies, standards, and guidelines.
F. The high-level information security policy that sets the strategic direction, scope, and tone for all of an organization's security efforts.
G. A detailed statement of what must be done to comply with policy, sometimes viewed as the rules governing policy compliance.
H. Specifications of authorization that govern the rights and privileges of users to a particular information asset.
I. A section of policy that should specify users' and systems administrators' responsibilities.
J. An organizational policy that provides detailed, targeted guidance to instruct all members of the organization in the use of a resource, such as one of its processes or technologies.

A. capability table
B. statement of purpose
C. bull's eye model
D. SysSP
E. procedures
F. InfoSec policy
G. standard
H. access control lists
I. systems management
J. ISSP