When an information security policy has been designed, it is
MOST important that the information security policy be:
A. stored offsite.
B. written by IS management.
C. circulated to users.
D. updated frequently.
Answer Posted / guest
Answer: C
To be effective, an information security policy should reach
all members of the staff. Storing the security policy
offsite or in a safe place may be desirable but of little
value if its contents are not known to the organization's
employees. The information security policy should be written
by business unit managers including IS, but not exclusively
IS managers. Updating the information security policy is
important but will not assure its dissemination.
Is This Answer Correct ? | 6 Yes | 0 No |
Post New Answer View All Answers