nerdexam
(ISC)2

CISSP · Question #937

Which of the following is the BEST reason for writing an information security policy?

The correct answer is A. To support information security governance. An information security policy is a foundational document that defines the organization's approach to protecting its information assets. Its primary role is to support information security governance by providing a structured framework for decision-making, guiding actions, and en

Submitted by akirajp· Mar 5, 2026Security and Risk Management

Question

Which of the following is the BEST reason for writing an information security policy?

Options

  • ATo support information security governance
  • BTo reduce the number of audit findings
  • CTo deter attackers
  • DTo implement effective information security controls

How the community answered

(22 responses)
  • A
    82% (18)
  • B
    5% (1)
  • C
    5% (1)
  • D
    9% (2)

Explanation

An information security policy is a foundational document that defines the organization's approach to protecting its information assets. Its primary role is to support information security governance by providing a structured framework for decision-making, guiding actions, and ensuring consistency across the organization. It aligns the organization's security efforts with its business objectives and regulatory requirements, establishing clear roles, responsibilities, and accountability for security measures.

Topics

#security policy#information security governance#security documentation

Community Discussion

No community discussion yet for this question.

Full CISSP Practice