Which of the following is MOST important for the IS auditor to verify when reviewing the development process of a security policy?

Which of the following is MOST important for the IS auditor to verify when reviewing the development process of a security policy?
A . Evidence of active involvement of key stakeholders
B . Output from the enterprise’s risk management system
C . Identification of the control framework
D . Evidence of management approval

View Answer

Answer: D