Which of the following would BEST ensure the success of information security governance within
an organization?
A. Steering committees approve security projects
B. Security policy training provided to all managers
C. Security training available to all employees on the intranet
D. Steering committees enforce compliance with laws and regulations
Explanation:
The existence of a steering committee that approves all security projects would be an indication of
the existence of a good governance program. Compliance with laws and regulations is part of the
responsibility of the steering committee, but it is not a full answer. Awareness training is important
at all levels in any medium, and is also an indicator of good governance. However, it must be guided
and approved as a security project by the steering committee.