Certified Information Security Manager (CISM) — Question 383
An organization's CIO has tasked the information security manager with drafting the charter for an information security steering committee. The committee will comprise the CIO, the IT shared services manager, the vice president of marketing, and the information security manager. Which of the following is the MOST significant issue with the development of this committee?
Answer options
- A. The committee consists of too many senior executives.
- B. The committee lacks sufficient business representation.
- C. There is a conflict of interest between the business and IT.
- D. The CIO is not taking charge of the committee.
Correct answer: B
Explanation
The most significant issue is that the committee lacks sufficient business representation, as it primarily consists of IT personnel and does not include other vital business stakeholders. This could lead to a disconnect between security initiatives and business objectives. The other options, while they may present challenges, do not address the fundamental issue of ensuring adequate business input in security decisions.