Certified Information Security Manager (CISM) — Question 1112

Which of the following is MOST important for an information security steering committee to ensure?

Answer options

• A. Funding is available for information security projects.
• B. Information security is managed as a business critical issue.
• C. Periodic information security audits are conducted.
• D. Resources used for information security projects are minimized.

Correct answer: B

Explanation

The correct answer, B, emphasizes the significance of treating information security as a vital aspect of business operations, ensuring it receives the necessary attention and resources. While A and C are important, they are secondary to the overarching requirement of managing security as a critical business concern. Option D undermines the importance of security by suggesting resource minimization, which could lead to vulnerabilities.