Who can BEST advocate the development of and ensure the success of an information security
program?
A.
Internal auditor
B.
Chief operating officer (COO)
C.
Steering committee
D.
IT management
Explanation:
Senior management represented in the security steering committee is in the best position to
advocate the establishment of and continued support for an information security program. The
chief operating officer (COO) will be a member of that committee. An internal auditor is a good
advocate but is secondary to the influence of senior management. IT management has a lesser
degree of influence and would also be part of the steering committee.