Certified Information Systems Security Professional – CISSP – Question076

Which of the following is the BEST reason for writing an information security policy?

A. To support information security governance
B. To reduce the number of audit findings
C. To deter attackers
D. To implement effective information security controls

Correct Answer: A