How does an organization's information security steering committee facilitate the achievement of information security program objectives?
How does an organization's information security steering committee facilitate the achievement of information security program objectives?
An organization's information security steering committee facilitates the achievement of information security program objectives primarily by making decisions on security priorities. The committee's key role is to provide strategic guidance and oversight for the organization's information security efforts. This includes determining where resources should be allocated, deciding which security initiatives should take precedence, and addressing emerging threats and vulnerabilities. By setting the direction and vision of the information security program, the committee ensures alignment with the organization's overall goals and objectives.
B it is boys!
Agreed on B
An information security steering committee can facilitate the achievement of information security program objectives by making decisions on security priorities. The committee is responsible for setting the direction and vision of the organization's information security program and establishing priorities based on risk assessments and business needs. They can allocate resources and make decisions on what security measures should be implemented, such as technology, policies, and procedures, to achieve the security objectives. The committee may also review and evaluate the effectiveness of the security measures implemented and make necessary adjustments to ensure that the organization's information security program remains effective.
B. Making decisions on security priorities
D. Evaluating information security metrics by evaluating the metrics, they can check the status, make decisions on policies among other things to make sure the org can achieve the objectives.
Why not B?
B. Making decisions on security priorities
D. Evaluating information security metrics is indeed a task that the steering committee might engage in to gauge the effectiveness of the security program, but the core facilitation occurs through setting priorities and directing the strategic focus of the program.
Infosec manager evaluates the metrics and presents them to the steering committee, who then (based on that) decides on direction and priorities.
B. Making decisions on security priorities An organization's information security steering committee facilitates the achievement of information security program objectives primarily by making decisions on security priorities. The steering committee typically consists of key stakeholders from various departments within the organization, including IT, legal, compliance, and business units. Its role is to provide strategic guidance and oversight for the organization's information security efforts. By making decisions on security priorities, the committee helps ensure that the information security program aligns with the organization's overall goals and objectives. This includes determining where resources should be allocated, which security initiatives should take precedence, and how to address emerging threats and vulnerabilities. Their decisions can have a significant impact on the direction and effectiveness of the information security program.
I would say it uses D (metrics) in order to achieve B. B is actually the helpful part so I'd go with that.
Steering committees are all about steering to the right directions when needed. Therefore answer is clearly B
Measurement can help to make decisions which all help to achieve. Hence Metrics is my choice.
to evaluate achievement is needed the metrics.