Why do organizations have an information security policy?

A.
In order to demonstrate the operation of the Plan-Do-Check-Act cycle within an organization.

B.
In order to ensure that staff do not break any laws.

C.
In order to give direction to how information security is set up within an organization.

D.
In order to ensure that everyone knows who is responsible for carrying out the backup
procedures.

Explanation: