Which of the following would BEST ensure the success of information security governance within an organization?
A . Steering committees approve security projects
B . Security policy training provided to all managers
C . Security training available to all employees on the intranet
D . Steering committees enforce compliance with laws and regulations
Answer: A
Explanation:
The existence of a steering committee that approves all security projects would be an indication of the existence of a good governance program. Compliance with laws and regulations is part of the responsibility of the steering committee but it is not a full answer. Awareness training is important at all levels in any medium, and also an indicator of good governance.
However, it must be guided and approved as a security project by the steering committee.
Leave a Reply