Certified Information Security Manager (CISM) — Question 562
Which of the following is the PRIMARY responsibility of an information security steering committee composed of management representation from business units?
Answer options
- A. Oversee the execution of the information security strategy.
- B. Perform business impact analyses (BIAs).
- C. Manage the implementation of the information security plan.
- D. Monitor the treatment of information security risk.
Correct answer: A
Explanation
The primary role of an information security steering committee is to oversee the execution of the information security strategy, ensuring alignment with business objectives. While performing BIAs, managing the implementation of the information security plan, and monitoring the treatment of information security risk are important tasks, they are typically handled by other teams or committees rather than the steering committee itself.