Certified Information Security Manager (CISM) — Question 541
Which of the following is the MOST important function of an information security steering committee?
Answer options
- A. Evaluating the effectiveness of information security controls on a periodic basis
- B. Defining the objectives of the information security framework
- C. Conducting regular independent reviews of the state of security in the business
- D. Approving security awareness content prior to publication
Correct answer: B
Explanation
The correct answer is B because the steering committee is primarily responsible for setting the objectives of the information security framework, which guides all security initiatives. The other options, while important, are evaluation or approval activities that operate within the framework's objectives rather than defining them.