ExamTopics Logo
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CISM All Questions

View all questions & answers for the CISM exam
Go to Exam

Exam CISM topic 1 question 718 discussion

Actual exam question from Isaca's CISM
Question #: 718
Topic #: 1
[All CISM Questions]

Which of the following is the MOST important consideration when establishing an organization's information security governance committee?

  • A. Members represent functions across the organization
  • B. Members have knowledge of information security controls
  • C. Members are rotated periodically
  • D. Members are business risk owners
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by ccKane at March 5, 2023, 6:33 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
lj22HI
2 months, 3 weeks ago
Selected Answer: A
Rank the answers based on their importance for an effective information security governance committee: A. Members represent functions across the organization – Security affects all departments, so having diverse representation ensures a broad, well-rounded approach to governance. This helps align security initiatives with business needs. D. Members are business risk owners – Risk owners ensure accountability and drive security decisions based on business priorities, making them critical stakeholders. B. Members have knowledge of information security controls – While expertise is valuable, security governance is more about strategy and oversight than technical details. C. Members are rotated periodically – Rotation can bring fresh perspectives, but consistency in governance is typically more important for continuity and long-term success.
upvoted 1 times
...
SHERLOCKAWS
4 months, 2 weeks ago
Selected Answer: D
Answer is D: Members are business risk owners. Because business risk owners are the people who are accountable for outcomes, they can make informed decisions about acceptable risk levels and they can align security initiatives with business priorities and risk appetite.
upvoted 1 times
...
03allen
1 year, 1 month ago
It's A, it does not have to be that everyone is a business owner.
upvoted 1 times
...
shootnot
1 year, 3 months ago
Between A and D, the answer is A because A could include D but D does not necessarily guarantee A.
upvoted 2 times
...
yottabyte
1 year, 4 months ago
Selected Answer: A
Overall understanding is required here so members representing functions from various business units across the organization can provide that.
upvoted 1 times
...
POWNED
1 year, 6 months ago
Selected Answer: A
The most important part of steering committee is to have representatives that cover multiple functions across the organization. If you dont have this then there will be a lack of advocates in certain divisions of the business.
upvoted 3 times
xcjxcj
1 year, 5 months ago
The committee is not to cover all stakeholders. E.g. admin department is not required. Only important stakeholders are needed.
upvoted 1 times
...
...
TamerBeSafe
1 year, 6 months ago
Selected Answer: D
D. Members are business risk owners: Information security is not just an IT issue; it's a business issue. Business leaders who are also risk owners have a deep understanding of the organization's overall objectives, priorities, and risk appetite. When these leaders are involved in the information security governance committee, decisions related to security measures are more likely to align with the broader business strategy, and there is a better chance of achieving a balance between security and business objectives.
upvoted 3 times
...
richck102
2 years, 1 month ago
A. Members represent functions across the organization
upvoted 1 times
...
ccKane
2 years, 5 months ago
Why not "Members are business risk owners" ?
upvoted 2 times
cangurer
2 years, 5 months ago
end users/operational users could be a member as well.
upvoted 2 times
cosmo4ng
2 years, 4 months ago
Correct, and they not necessarily business risk owners.
upvoted 2 times
CISSPST
1 year, 10 months ago
Good to see a discussion for the first time on this forum.
upvoted 2 times
...
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel