Certified Information Security Manager (CISM) — Question 697

Which of the following is the MOST important function of an information security steering committee?

Answer options

• A. Assigning data classifications to organizational assets
• B. Defining security standards for logical access controls
• C. Developing organizational risk assessment processes
• D. Obtaining multiple perspectives from the business

Correct answer: D

Explanation

The most crucial role of an information security steering committee is to gather various viewpoints from different business areas to ensure comprehensive security strategies. While assigning data classifications, defining security standards, and developing risk assessment processes are important, they are secondary to the overarching goal of aligning security efforts with diverse business needs.