Which of the following should be of GREATEST concern to an IS auditor performing a review of information security controls? A. The information security policy does not include mobile device provisions. B. The information security policy is not frequently reviewed. C. The information security policy has not been approved by the chief audit executive (CAE). D. The information security policy has not been approved by the policy owner. Â Suggested Answer: D Community Answer: D This question is in CISA Certified Information Systems Auditor Exam For getting Certified Information Systems Auditor (CISA) Certificate Disclaimers: The website is not related to, affiliated with, endorsed or authorized by ISACA. Trademarks, certification & product names are used for reference only and belong to ISACA. The website does not contain actual questions and answers from ISACA's Certification Exams.
Please login or Register to submit your answer