Which document outlines an organization’s security objectives and protocols?

The document that outlines an organization’s security objectives and protocols is the security policy. A security policy serves as a foundational guideline that defines the organization's approach to protecting its information assets. It specifies the standards, rules, and practices that must be followed to ensure the confidentiality, integrity, and availability of information.

A well-crafted security policy establishes clear expectations for both employees and systems, detailing acceptable use of resources, roles and responsibilities, and procedures for maintaining security. This policy often encompasses various aspects like data protection, user access controls, and compliance with legal and regulatory requirements. By doing this, it helps ensure a consistent security posture and creates a framework for decision-making regarding security-related matters.

The other options serve different purposes within an organization's security framework. An incident response plan focuses on how to respond to security breaches or incidents. A network diagram is used to visualize the architecture of the network and how devices connect, but it does not define security strategies. A risk assessment report identifies vulnerabilities and assesses risks to assets, laying the groundwork for developing a security policy, but it does not provide the overarching objectives and procedures that a security policy does.