CISM Certified Information Security Manager – Question0590

Who can BEST advocate the development of and ensure the success of an information security program?

A.
Internal auditor
B. Chief operating officer (COO)
C. Steering committee
D. IT management

Correct Answer: C

Explanation:

Explanation:
Senior management represented in the security steering committee is in the best position to advocate the establishment of and continued support for an information security program. The chief operating officer (COO) will be a member of that committee. An internal auditor is a good advocate but is secondary to the influence of senior management. IT management has a lesser degree of influence and would also be part of the steering committee.