Certified Information Security Manager (CISM) — Question 803

Which of the following will BEST facilitate the integration of information security governance into enterprise governance?

Answer options

• A. Implementing an information security awareness program
• B. Documenting the information security governance framework
• C. Developing an information security policy based on risk assessments
• D. Establishing an information security steering committee

Correct answer: D

Explanation

Establishing an information security steering committee ensures ongoing oversight, alignment with business objectives, and integration of security governance into the larger governance framework. While the other options contribute to security governance, they do not provide the same level of structured collaboration and decision-making needed for effective integration.