CISM Certified Information Security Manager – Question0204

An organization enacted several information security policies to satisfy regulatory requirements. Which of the following situations would MOST likely increase the probability of noncompliance to these requirements?

A.
Inadequate buy-in from system owners to support the policies
B. Availability of security policy documents on a public website
C. Lack of training for end users on security policies
D. Lack of an information security governance framework

Correct Answer: D