CISA Certified Information Systems Auditor – Question0974

Which of the following is the BEST recommendation for the establishment of an information security policy?

A.
The policy should be developed by IS management.
B. The development and approval should be overseen by business area management.
C. The policy and guidelines should be developed by the human resources department.
D. The policy should be developed by the security administrator.

Correct Answer: B