Which of the following is the MOST important aspect of an information security policy approved by the board of directors?
Which of the following is the MOST important aspect of an information security policy approved by the board of directors?
An information security policy must be modified periodically for relevance. This ensures that the policy remains current and adapts to new security threats, regulatory changes, and evolving business needs. While communication and other aspects are important, they are of little use if the policy itself is outdated and no longer relevant.
While it's essential for policies to be periodically reviewed and modified for relevance (option B), effective communication of the policy to all stakeholders is critical for ensuring compliance and understanding throughout the organization. Without clear communication, stakeholders may not be aware of their roles and responsibilities regarding information security, leading to potential vulnerabilities and non-compliance. Therefore, ensuring that the policy is effectively communicated to all relevant parties helps foster a culture of security awareness and promotes adherence to the established guidelines and procedures.
C. The policy must be communicated to all stakeholders.