Information security governance steering committees oversee the creation, approval, and maintenance of security policies. They ensure that policies align with organizational objectives and regulatory requirements.
Policy Vetting as a Core Function:
Ensures policies are comprehensive, relevant, and enforceable.
Addresses the balance between security and operational efficiency.
Why Other Options Are Incorrect:
A. Approving Access: This is typically handled by access control processes or data owners.
B. Security Awareness Programs: Content development is operational, not governance.
C. Interviewing Candidates: Staffing decisions are usually outside the committee's scope.
References:
EC-Council underscores policy governance as a fundamental responsibility of information security steering committees.