Question: An effective information security policy should not have which of the following characteristics?
A. Include separation of duties.
B. Be designed with a short-to mid-term focus.
C. Be understandable and supported by all stakeholders.
D. Specify areas of responsibility and authority.

Download pdf (with explanations) edition of this exam.