CISA Practice Question (the copyright is mine)

Which of the following BEST describes the purpose of an information security policy?

A. To define the organization's security objectives and establish control requirements

B. To outline specific procedures for responding to security incidents

C. To assign roles and responsibilities for managing security threats

D. To provide technical guidance on securing IT infrastructure

Comment with your answer!

N.B. posting this is not copyright infringement - it's not copied from anyone else's resource/documentation. 

More CISA Practice Questions for iOS