Certified Information Security Manager (CISM) — Question 1231

How does an organization's information security steering committee facilitate the achievement of information security program objectives?

Answer options

• A. Monitoring information security resources
• B. Making decisions on security priorities
• C. Enforcing regulatory and policy compliance
• D. Evaluating information security metrics

Correct answer: B

Explanation

The correct answer is B because the steering committee is primarily responsible for setting and prioritizing security initiatives to align with organizational goals. While monitoring resources, enforcing compliance, and evaluating metrics are important, they are not the central role of the committee in achieving program objectives.