CISM Certified Information Security Manager – Question1070

Which of the following are the MOST important individuals to include as members of an information security steering committee?

A.
Direct reports to the chief information officer
B. IT management and key business process owners
C. Cross-section of end users and IT professionals
D. Internal audit and corporate legal departments

Correct Answer: B

Explanation:

Explanation:
Security steering committees provide a forum for management to express its opinion and take some ownership in the decision making process. It is imperative that business process owners be included in this process. None of the other choices includes input by business process owners.