What is the greatest risk for an organization if no information security policy has been defined?
A . If everyone works with the same account, it is impossible to find out who worked on what.
B . Information security activities are carried out by only a few people.
C . Too many measures areimplemented.
D . It is not possible for an organization to implement information security in a consistent manner.