
CISA · Question #70

CISA Question #70: Real Exam Question with Answer & Explanation

The correct answer is D: Compliance with relevant regulations. When developing information security policies and procedures, the most important factor is ensuring compliance with all relevant regulations, laws, and industry standards.

Submitted by yaw92 · Apr 18, 2026 · Governance and Management of IT

Question

Which of the following is the MOST important factor when an organization is developing information security policies and procedures?

Options

  • A. Consultation with security staff
  • B. Alignment with an information security framework
  • C. Inclusion of mission and objectives
  • D. Compliance with relevant regulations

Explanation

When developing information security policies and procedures, the most important factor is ensuring compliance with all relevant regulations, laws, and industry standards.

Common mistakes.

  • A. Consultation with security staff is crucial for practical implementation and technical accuracy, but it serves as a means to achieve compliance and effective security, not the primary driving factor itself.

Concept tested. Info security policy (regulatory compliance)

Reference. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf

Topics

#Information Security Policies #Compliance #Regulatory Requirements #IT Governance
