Which of the following issues identified during a formal review of an organization's information security policies presents the GREATEST potential risk to the organization? A. The policies have not been reviewed by the risk management committee. B. The policies are not based on industry best practices for information security. C. The policies are not aligned with the information security risk appetite. D. The policies are not available to key risk stakeholders. Â Suggested Answer: C This question is in CISA Certified Information Systems Auditor Exam For getting Certified Information Systems Auditor (CISA) Certificate Disclaimers: The website is not related to, affiliated with, endorsed or authorized by ISACA. Trademarks, certification & product names are used for reference only and belong to ISACA. The website does not contain actual questions and answers from ISACA's Certification Exams.
Please login or Register to submit your answer