Which of the following is the MOST important consideration for an IS auditor when assessing the adequacy of an organization’s information security policy?

A. Alignment with the IT tactical plan
B. IT steering committee minutes
C. Compliance with industry best practice
D. Business objectives

Answer: D

Explanation:

The most important consideration for an IS auditor when assessing the adequacy of an organization’s information security policy is its alignment with the business objectives. The information security policy is a high-level document that defines the organization’s vision, goals, principles, and responsibilities for protecting its information assets. The information security policy should support and enable the achievement of the business objectives, such as increasing customer satisfaction, enhancing competitive advantage, or complying with legal requirements. The information security policy should also be consistent with other relevant policies, standards, and frameworks that guide the organization’s governance, risk management, and compliance activities.
