CISM Certified Information Security Manager – Question0954 - CISM Certified Information Security Manager

Which of the following will BEST ensure that management takes ownership of the decision making process for information security?

A. Security policies and procedures
B. Annual self-assessment by management
C. Security-steering committees
D. Security awareness campaigns

Correct Answer: C

Explanation:

Explanation:
Security steering committees provide a forum for management to express its opinion and take ownership in the decision making process. Security awareness campaigns, security policies and procedures, and self- assessment exercises are all good but do not exemplify the taking of ownership by management.