Which of the following is not an important aspect of an organizational security policy?

A.
The policy should dictate business objectives.

B.
It should be developed and used to integrate security into all business functions and processes.

C.
Each iteration of the policy should be dated and under version control.

D.
It should be reviewed and modified as a company changes

Explanation:
The most correct answer is "The policy should dictate business
objectives" – this would be dictated in the overall business strategy.