The configuration management plan should PRIMARILY be based upon input from:
A.
business process owners.
B.
the information security manager.
C.
the security steering committee.
D.
IT senior management.
Explanation:
Although business process owners, an information security manager and the security steering
committee may provide input regarding a configuration management plan, its final approval is the
primary responsibility of IT senior management.