An organization has established information security policies, but the information security manager has noted a large number of exception requests. Which of the following is the MOST likely reason for this situation?
A. The organization is operating in a highly regulated industry.
B. The information security program is not adequately funded.
C. The information security policies lack alignment with corporate goals.
D. The information security policies are not communicated across the organization
A. The organization is operating in a highly regulated industry.
B. The information security program is not adequately funded.
C. The information security policies lack alignment with corporate goals.
D. The information security policies are not communicated across the organization