CISM Certified Information Security Manager – Question0136

The MAIN reason for having the Information Security Steering Committee review a new security controls implementation plan is to ensure that:

A. the plan aligns with the organization's business plan.
B. departmental budgets are allocated appropriately to pay for the plan.
C. regulatory oversight requirements are met.
D. the impact of the plan on the business units is reduced.

Correct Answer: A

Explanation:
The steering committee controls the execution of the information security strategy according to the needs of the organization and decides on the project prioritization and the execution plan. The steering committee does not allocate department budgets for business units. While ensuring that regulatory oversight requirements are met could be a consideration, it is not the main reason for the review. Reducing the impact on the business units is a secondary concern but not the main reason for the review.