CISM Certified Information Security Manager – Question1111 - CISM Certified Information Security Manager

The configuration management plan should PRIMARILY be based upon input from:

A. business process owners.
B. the information security manager.
C. the security steering committee.
D. IT senior management.

Correct Answer: D

Explanation:

Explanation:
Although business process owners, an information security manager and the security steering committee may provide input regarding a configuration management plan, its final approval is the primary responsibility of IT senior management.