An information security manager discovers that the organization’s new information security policy is not being followed across all departments.
Which of the following should be of GREATEST concern to the information security manager?
A . Different communication methods may be required for each business unit.
B . Business unit management has not emphasized the importance of the new policy.
C . The corresponding controls are viewed as prohibitive to business operations.
D . The wording of the policy is not tailored to the audience.
Answer: C