Which of the following is an essential characteristic of an effective Information Security Policy?

An effective Information Security Policy must explicitly state the management's commitment to information security because this commitment serves as a foundational element that reinforces the importance of security within the organization. When management visibly supports and prioritizes information security, it encourages a culture of security awareness among all employees and stakeholders. This commitment is crucial for the policy's acceptance and for motivating staff to comply with security practices.

This characteristic helps in establishing clear expectations and responsibilities, creating a sense of accountability at all levels of the organization. It also indicates the seriousness with which management takes information security, lending credibility and authority to the policy itself. Therefore, without this explicit commitment, the policy may lack the necessary support needed for its successful implementation and enforcement.