Which of the following is MOST important for the IS auditor to verify when reviewing the development process of a security policy?
A. Evidence of active involvement of key stakeholders
B. Output from the enterprise’s risk management system
C. Identification of the control framework
D. Evidence of management approval
A. Evidence of active involvement of key stakeholders
B. Output from the enterprise’s risk management system
C. Identification of the control framework
D. Evidence of management approval