CISM Certified Information Security Manager – Question0635

Who can BEST approve plans to implement an information security governance framework?

A. Internal auditor
B. Information security management
C. Steering committee
D. Infrastructure management

Correct Answer: C

Explanation:

Senior management that is part of the security steering committee is in the best position to approve plans to implement an information security governance framework. An internal auditor is secondary to the authority and influence of senior management. Information security management should not have the authority to approve the security governance framework. Infrastructure management will not be in the best position since it focuses more on the technologies than on the business.