CISA Certified Information Systems Auditor – Question2600

To help ensure the organization’s information assets are adequately protected, which of the following considerations is MOST important when developing an information classification and handling policy?

A.
The policy has been mapped against industry frameworks for classifying information assets.
B. The policy is owned by the head of information security, who has the authority to enforce the policy.
C. The policy specifies requirements to safeguard information assets based on their importance to the organization.
D. The policy is subject to periodic reviews to ensure its provisions are up to date.

Correct Answer: D