Certified Information Security Manager (CISM) — Question 711

Which of the following is the BEST approach to make strategic information security decisions?

Answer options

• A. Establish periodic senior management meetings.
• B. Establish regular information security status reporting.
• C. Establish an information security steering committee.
• D. Establish business unit security working groups.

Correct answer: C

Explanation

The correct answer is C, as an information security steering committee can provide focused oversight and strategic direction for security initiatives. While the other options help improve communication and reporting, they do not offer the same level of strategic alignment and decision-making authority that a steering committee provides.