The PRIMARY objective of a security steering group is to:
A.
ensure information security covers all business functions.
B.
ensure information security aligns with business goals.
C.
raise information security awareness across the organization.
D.
implement all decisions on security management across the organization.
Explanation:
The security steering group comprises senior management of key business functions and has the
primary objective to align the security strategy with the business direction. Option A is incorrect
because all business areas may not be required to be covered by information security; but, if they
do, the main purpose of the steering committee would be alignment more so than coverage. While
raising awareness is important, this goal would not be carried out by the committee itself. The
steering committee may delegate part of the decision making to the information security manager;
however, if it retains this authority, it is not the primary’ goal.