Why is it vitally important that senior management endorse a security policy?

So that they will accept ownership for security within the organization.
So that employees will follow the policy directives.
So that external bodies will recognize the organizations commitment to security.
So that they can be held legally accountable.

Answer(s): A

When would it be more desirable to develop a set of decentralized security policies and procedures within an enterprise environment?

When there is a need to develop a more unified incident response capability.
When the enterprise is made up of many business units with diverse business activities, risks profiles and regulatory requirements.
When there is a variety of technologies deployed in the infrastructure.
When it results in an overall lower cost of operating the security program.

Answer(s): B

What is the relationship between information protection and regulatory compliance?

That all information in an organization must be protected equally.
The information required to be protected by regulatory mandate does not have to be identified in the organizations data classification policy.
That the protection of some information such as National ID information is mandated by regulation and other information such as trade secrets are protected based on business need.
There is no relationship between the two.

Answer(s): C