CISM Certified Information Security Manager – Question0063 - CISM Certified Information Security Manager

The PRIMARY objective of a security steering group is to:

A. ensure information security covers all business functions.
B. ensure information security aligns with business goals.
C. raise information security awareness across the organization.
D. implement all decisions on security management across the organization.

Correct Answer: B

Explanation:

Explanation:
The security steering group comprises senior management of key business functions and has the primary objective to align the security strategy with the business direction. Option A is incorrect because all business areas may not be required to be covered by information security; but, if they do, the main purpose of the steering committee would be alignment more so than coverage. While raising awareness is important, this goal would not be carried out by the committee itself. The steering committee may delegate part of the decision making to the information security manager; however, if it retains this authority, it is not the primary’ goal.