Exam CISM topic 1 question 285 discussion

B. Approving changes to the information security strategy The PRIMARY responsibility of an information security governance committee is to approve changes to the information security strategy. This committee is typically responsible for setting the direction and priorities for an organization's information security efforts, and approving changes to the strategy ensures that security measures align with the organization's goals and risk tolerance. While other activities mentioned, such as reviewing the information security risk register, discussing upcoming projects, and reviewing metrics, are important functions of an information security governance committee, they often support or contribute to the development and execution of the security strategy, but approving the strategy itself is a central and primary responsibility.

The correct answer is B. Approving changes to the information security strategy. Explanation: Among the options provided, approving changes to the information security strategy is the primary responsibility of an information security governance committee. Here's why this option is the primary responsibility: B. Approving changes to the information security strategy: The information security governance committee is responsible for setting the direction and priorities of information security efforts within an organization. Approving changes to the information security strategy ensures that the organization's security goals align with its overall objectives.

B. Approving changes to the information security strategy

Yes, approving changes to the information security strategy is generally considered to be the primary responsibility of an information security governance committee. The information security governance committee is responsible for overseeing and guiding the overall information security program, including the development and maintenance of the information security strategy.