Certified Information Security Manager (CISM) — Question 926

Of the following, who would provide the MOST relevant input when aligning the information security strategy with organizational goals?

Answer options

• A. Data privacy officer (DPO)
• B. Chief information security officer (CISO)
• C. Information security steering committee
• D. Enterprise risk committee

Correct answer: C

Explanation

The Information Security Steering Committee is best positioned to align the information security strategy with organizational goals since it typically consists of stakeholders from various departments who understand both security needs and business objectives. While the CISO and other roles provide important insights, they may not have the comprehensive view of all organizational goals that the committee does.