Policies should be written by ________.
A) IT security
B) corporate teams involving people from multiple departments
C) a senior executive
D) an outside consultant, to maintain independence

Question

Quizplus · Accepted Answer

Policies should be written by corporate teams involving people from multiple departments to ensure that all areas of the organization are considered and included in the policy. This also ensures buy-in and understanding from all departments. IT security can provide expertise, but should not be the sole author of policies. A senior executive can provide oversight and approval, but may not have enough knowledge of specific departments to write a comprehensive policy. Outsourcing to an outside consultant may not involve enough input from within the organization and may result in policies that do not align with the company's culture or values.

Policies Should Be Written by ________