CISM Certified Information Security Manager – Question0954

Which of the following will BEST ensure that management takes ownership of the decision-making process for information security?

A. Security policies and procedures
B. Annual self-assessment by management
C. Security-steering committees
D. Security awareness campaigns

Correct Answer: C

Explanation:
Security steering committees provide a forum for management to express its opinion and take ownership in the decision-making process. Security awareness campaigns, security policies and procedures, and self-assessment exercises are all good but do not exemplify the taking of ownership by management.