94.1% complete

Question
A medium-sized organization's information security practices are being audited. The auditor is assessing the organization's use of an Acceptable Use Policy (AUP). What crucial aspect of the AUP should the auditor expect to find?

A.The AUP includes clear consequences for noncompliance.
B.The AUP includes guidance for change management requests.
C.The AUP includes the number of allowed password attempts before locking an account.
D.The AUP includes a list of approved software for each department.

1 answer

The most crucial aspect of an Acceptable Use Policy (AUP) that an auditor should expect to find is:

A. The AUP includes clear consequences for noncompliance.

An AUP is intended to define acceptable and unacceptable behaviors regarding the use of an organization's information systems and data. Having clear consequences for noncompliance is essential to ensure that users understand the seriousness of adhering to the policy and the potential repercussions of failing to do so. While the other options may relate to various aspects of information security, they are not typically central to the purpose of an AUP.