Which of the following MOST commonly falls within the scope of an information security
governance steering committee?
A.
Interviewing candidates for information security specialist positions
B.
Developing content for security awareness programs
C.
Prioritizing information security initiatives
D.
Approving access to critical financial systems
Explanation:
Prioritizing information security initiatives is the only appropriate item. The interviewing of
specialists should be performed by the information security manager, while the developing of
program content should be performed by the information security staff. Approving access to critical
financial systems is the responsibility of individual system data owners.