Certified Information Systems Auditor (CISA) — Question 142

Which of the following is the MOST important factor when an organization is developing information security policies and procedures?

Answer options

• A. Consultation with security staff
• B. Alignment with an information security framework
• C. Inclusion of mission and objectives
• D. Compliance with relevant regulations

Correct answer: D

Explanation

The correct answer is D, as compliance with relevant regulations ensures that the organization meets legal and industry requirements, which is crucial for avoiding penalties and protecting the organization. While consultation, alignment, and inclusion of objectives are important, they do not take precedence over the necessity to comply with regulations.