Which of the following individuals would be in the BEST position to sponsor the creation of an
information security steering group?
A.
Information security manager
B.
Chief operating officer (COO)
C.
Internal auditor
D.
Legal counsel
Explanation:
The chief operating officer (COO) is highly-placed within an organization and has the most
knowledge of business operations and objectives. The chief internal auditor and chief legalcounsel are appropriate members of such a steering group. However, sponsoring the creation of
the steering committee should be initiated by someone versed in the strategy and direction of the
business. Since a security manager is looking to this group for direction, they are not in the best
position to oversee formation of this group.