Certified Chief Information Security Officer (CCISO) — Question 46

An organization's Information Security Policy is of MOST importance because_____________.

Answer options

• A. It defines a process to meet compliance requirements
• B. It establishes a framework to protect confidential information
• C. It communicates management's commitment to protecting information resources
• D. It is formally acknowledged by all employees and vendors

Correct answer: C

Explanation

The correct answer, C, highlights that the policy is essential for demonstrating management's commitment to information security, which is crucial for fostering a security culture. While options A, B, and D also address important aspects of an information security policy, they do not capture the primary significance of management's commitment as emphasized in option C.