Which of the following is an element of the enterprise information security policy?
A) access control lists
B) information on the structure of the InfoSec organization
C) articulation of the organization's SDLC methodology
D) indemnification of the organization against liability

Question

Quizplus · Accepted Answer

The enterprise information security policy should include information on the structure of the InfoSec organization to provide guidance on who is responsible for implementing and enforcing security policies and procedures.

Other options:
A) Access control lists are a technical security measure that would be outlined in a security standard or guideline, not the overall policy.
C) Articulation of the organization's SDLC methodology is a process document that is separate from the overall policy.
D) Indemnification of the organization against liability is a legal concept that would not typically be included in an information security policy.

Which of the Following Is an Element of the Enterprise