(Choose 1 answer)
Which of the following is NOT among the three types of InfoSec policies based on NIST's Special Publication 800-14?
A. Enterprise information security policy
B. User-specific security policies
C. Issue-specific security policies
D. System-specific security policies
E. None of the mentioned
E22
