Exam CISM topic 1 question 718 discussion

Actual exam question from Isaca's CISM
Question #: 718
Topic #: 1

Which of the following is the MOST important consideration when establishing an organization's information security governance committee?

  • A. Members represent functions across the organization
  • B. Members have knowledge of information security controls
  • C. Members are rotated periodically
  • D. Members are business risk owners
Suggested Answer: A

Comments

SHERLOCKAWS
4 days ago
Selected Answer: D
Answer is D: Members are business risk owners. Because business risk owners are the people who are accountable for outcomes, they can make informed decisions about acceptable risk levels and they can align security initiatives with business priorities and risk appetite.
upvoted 1 times
...
03allen
9 months, 1 week ago
It's A, it does not have to be that everyone is a business owner.
upvoted 1 times
...
shootnot
10 months, 4 weeks ago
Between A and D, the answer is A because A could include D but D does not necessarily guarantee A.
upvoted 2 times
...
yottabyte
1 year ago
Selected Answer: A
Overall understanding is required here so members representing functions from various business units across the organization can provide that.
upvoted 1 times
...
POWNED
1 year, 2 months ago
Selected Answer: A
The most important part of a steering committee is to have representatives that cover multiple functions across the organization. If you don't have this then there will be a lack of advocates in certain divisions of the business.
upvoted 2 times
xcjxcj
1 year ago
The committee is not to cover all stakeholders. E.g. admin department is not required. Only important stakeholders are needed.
upvoted 1 times
...
...
TamerBeSafe
1 year, 2 months ago
Selected Answer: D
D. Members are business risk owners: Information security is not just an IT issue; it's a business issue. Business leaders who are also risk owners have a deep understanding of the organization's overall objectives, priorities, and risk appetite. When these leaders are involved in the information security governance committee, decisions related to security measures are more likely to align with the broader business strategy, and there is a better chance of achieving a balance between security and business objectives.
upvoted 2 times
...
richck102
1 year, 9 months ago
A. Members represent functions across the organization
upvoted 1 times
...
ccKane
2 years ago
Why not "Members are business risk owners" ?
upvoted 2 times
cangurer
2 years ago
End users/operational users could be members as well.
upvoted 2 times
cosmo4ng
1 year, 11 months ago
Correct, and they are not necessarily business risk owners.
upvoted 2 times
CISSPST
1 year, 6 months ago
Good to see a discussion for the first time on this forum.
upvoted 2 times
...
...
...
...
Community vote distribution: A (35%), C (25%), B (20%), Other