Certified Information Security Manager (CISM) — Question 818

Which of the following BEST enables the integration of information security governance into corporate governance?

Answer options

• A. Senior management approval of the information security strategy
• B. Clear lines of authority across the organization
• C. An information security steering committee with business representation
• D. Well-documented information security policies and standards

Correct answer: C

Explanation

The correct answer is C because having an information security steering committee with business representation ensures that security governance is aligned with business objectives and provides the necessary oversight. Options A, B, and D, while important, do not facilitate the direct integration of security governance within the overall corporate governance framework as effectively as a dedicated committee does.