Certified Information Security Manager (CISM) — Question 1186
Which of the following BEST indicates effective information security governance?
Answer options
- A. Availability of information security policies
- B. Regular steering committee meetings
- C. Organization-wide attendance at annual security training
- D. Regular testing of the security incident response plan
Correct answer: B
Explanation
Option B is correct because regular steering committee meetings facilitate ongoing oversight and strategic alignment of security practices with organizational goals. While options A, C, and D are important components of security governance, they do not provide the same level of continuous engagement and direction that steering committee meetings do.