Which of the following is MOST important to ensure when considering exceptions to an information security policy? A. Exceptions are approved by executive management. B. Exceptions undergo regular review. C. Exceptions reflect the organizational risk appetite. D. Exceptions are based on data classification. Suggested Answer: C This question is in CISM exam For getting Certified Information Security Manager Certificate Disclaimers: The website is not related to, affiliated with, endorsed or authorized by ISACA. The website does not contain actual questions and answers from ISACA's Certification Exams. Trademarks, certification & product names are used for reference only and belong to ISACA.
Please login or Register to submit your answer