CISM Certified Information Security Manager – Question0465

What is the MOST important item to be included in an information security policy?

A.
The definition of roles and responsibilities
B. The scope of the security program
C. The key objectives of the security program
D. Reference to procedures and standards of the security program

Correct Answer: C

Explanation:

Explanation: Stating the objectives of the security program is the most important element to ensure alignment with business goals. The other choices are part of the security policy, but they are not as important.