CISA Certified Information Systems Auditor – Question0558

Which of the following is a step in establishing a security policy?

A.
Developing platform-level security baselines.
B. Developing configurations parameters for the network,
C. Implementing a process for developing and maintaining the policy.
D. Creating a RACI matrix.

Correct Answer: C