When assessing an organization’s security policy according to standards established by the International Organization for Standardization (ISO) 27001 and 27002, when can management responsibilities be defined?
A . Only when assets are clearly defined
B . Only when standards are defined
C . Only when controls are put in place
D . Only procedures are defined
Answer: A
Latest CISSP Dumps Valid Version with 981 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund