Certified Information Security Manager (CISM) — Question 549

What is the PRIMARY responsibility of the security steering committee?

Answer options

• A. Implement information security control.
• B. Develop information security policy.
• C. Set direction and monitor performance.
• D. Provide information security training to employees.

Correct answer: C

Explanation

The primary role of the security steering committee is to set direction and monitor performance, ensuring that security initiatives align with organizational goals. While implementing controls, developing policies, and training employees are important, they fall under the responsibilities of other roles or teams within the organization.