The MAIN reason for having the Information Security Steering Committee review a new security
controls implementation plan is to ensure that:
A.
the plan aligns with the organization’s business plan.
B.
departmental budgets are allocated appropriately to pay for the plan.
C.
regulatory oversight requirements are met.
D.
the impact of the plan on the business units is reduced.
Explanation:
The steering committee controls the execution of the information security strategy according to the
needs of the organization and decides on the project prioritization and the execution plan. The
steering committee does not allocate department budgets for business units. While ensuring that
regulatory oversight requirements are met could be a consideration, it is not the main reason for
the review. Reducing the impact on the business units is a secondary concern but not the main
reason for the review.