CompTIA Security+ SY0-701 Practice Question
During an organization's security policy review meeting, it was observed that there is currently no formal policy pertaining to the acceptable use of organizational assets and network resources. As part of establishing robust security governance within the company, which of the following policies should be proposed and implemented first to address this issue?
Acceptable Use Policy (AUP)
Disaster Recovery Policy
Change Management Policy
Software Development Lifecycle (SDLC) Policy