38
Answer (Choose 1 answer)
An effective information security policy should not have which of the following characteristic?
A. Include separation of duties
B. Be designed with a short-to mid-term focus
C. Be understandable and supported by all stakeholders
D. Specify areas of responsibility and authority
