Which of the following will BEST ensure that management takes ownership of the decision making
process for information security?
A.
Security policies and procedures
B.
Annual self-assessment by management
C.
Security- steering committees
D.
Security awareness campaigns
Explanation:
Security steering committees provide a forum for management to express its opinion and take
ownership in the decision making process. Security awareness campaigns, security policies and
procedures, and self- assessment exercises are all good but do not exemplify the taking of
ownership by management.