Certified Information Security Manager (CISM) — Question 1244
Which of the following BEST indicates that information security governance and corporate governance are integrated?
Answer options
- A. The information security team is aware of business goals.
- B. A cost-benefit analysis is conducted on all information security initiatives.
- C. The board is regularly informed of information security key performance indicators (KPIs).
- D. The information security steering committee is composed of business leaders.
Correct answer: D
Explanation
Option D is correct: an information security steering committee that includes business leaders indicates strong integration between information security and corporate governance. Options A, B, and C, while important, do not necessarily demonstrate the structural integration that the involvement of business leaders in the steering committee does.