CISA Certified Information Systems Auditor – Question1942

Which of the following should be the GREATEST concern to an IS auditor reviewing the information security framework of an organization?

A.
The information security policy has not been updated in the last two years.
B. A list of critical information assets was not included in the information security policy.
C. Senior management was not involved in the development of the information security policy.
D. The information security policy is not aligned with regulatory requirements.

Correct Answer: B