A security professional has been promoted to be the CISO of an organization. The first task is to create a security policy for this organization. The CISO creates and publishes the security policy.
This policy, however, is ignored and not enforced consistently. Which of the following is the MOST likely reason for the policy shortcomings?

A. Lack of a formal risk management policy

B. Lack of a formal security policy governance process

C. Lack of formal definition of roles and responsibilities

D. Lack of a formal security awareness program








 

Suggested Answer: B

Community Answer: B



This question is in 712-50 Certified CISO (CCISO) Exam
For getting Certified CISO (CCISO)







Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by EC-Council. 
Trademarks, certification & product names are used for reference only and belong to EC-Council.
The website does not contain actual questions and answers from EC-Council's Certification Exams.