Certified Information Systems Auditor (CISA) — Question 651

Which of the following is the MOST important aspect of an information security policy approved by the board of directors?

Answer options

• A. The policy must provide guidance for information classification.
• B. The policy must be modified periodically for relevance.
• C. The policy must be communicated to all stakeholders.
• D. The policy must address the privacy of stakeholder information.

Correct answer: C

Explanation

The correct answer is C because effective communication of the policy ensures that all stakeholders understand their responsibilities and the security measures in place. Options A, B, and D, while important aspects, do not hold the same critical importance in ensuring that the policy is actively understood and followed by all parties involved.