CISA Certified Information Systems Auditor – Question2661

Which of the following is the PRIMARY purpose of documenting and approving an information security policy?

A.
To communicate management’s intent for securing the organization’s information assets
B. To mitigate the organization’s information security risk to an acceptable level
C. To ensure awareness of disciplinary procedures for security breaches by authorized users
D. To determine the best approach for implementing information security within the organization

Correct Answer: A