CISA Certified Information Systems Auditor – Question0620

Which of the following is a directive control?

A.
Establishing an information security operations team
B. Updating data loss prevention software
C. Implementing an information security policy
D. Configuring data encryption software

Correct Answer: C