Certified Information Systems Auditor (CISA) — Question 739

Demonstrated support from which of the following roles in an organization has the MOST influence over information security governance?

Answer options

• A. Information security steering committee
• B. Chief information security officer (CISO)
• C. Board of directors
• D. Chief information officer (CIO)

Correct answer: C

Explanation

The Board of directors has the highest level of authority and can enforce policies that shape the organization’s approach to information security governance. While the CISO and CIO play important roles in security management, their influence is typically limited to their respective departments. The information security steering committee also contributes but does not carry the same weight as the Board in governance matters.