Certified Information Security Manager (CISM) — Question 528
Which of the following is the PRIMARY responsibility of an information security steering committee?
Answer options
- A. Setting up password expiration procedures
- B. Drafting security policies
- C. Prioritizing security initiatives
- D. Reviewing firewall rules
Correct answer: C
Explanation
The primary responsibility of an information security steering committee is to prioritize security initiatives, ensuring that resources are allocated effectively to address the most critical issues. While drafting policies, reviewing firewall rules, and setting password procedures are important tasks, they typically fall under the purview of specific teams rather than the steering committee itself.