CISM Certified Information Security Manager – Question0173

Which of the following is a PRIMARY responsibility of an information security governance committee?

A. Analyzing information security policy compliance reviews
B. Approving the purchase of information security technologies
C. Reviewing the information security strategy
D. Approving the information security awareness training strategy

Correct Answer: C