Certified Information Security Manager (CISM) — Question 81

Which of the following is MOST likely to be included in an enterprise security policy?

Answer options

• A. Definitions of responsibilities
• B. Retention schedules
• C. System access specifications
• D. Organizational risk

Correct answer: A

Explanation

The correct answer is A because an enterprise security policy typically outlines the roles and responsibilities of individuals regarding security measures. Options B, C, and D may be relevant to security but are not as central to the overarching structure of a security policy as defining responsibilities.