To ensure that all information security procedures are functional and accurate, they should be
designed with the involvement of:
A.
end users.
B.
legal counsel.
C.
operational units.
D.
audit management.
Explanation:
Procedures at the operational level must be developed by or with the involvement of operational
units that will use them. This will ensure that they are functional and accurate. End users and legal
counsel are normally not involved in procedure development. Audit management generally
oversees information security operations but does not get involved at the procedural level.