Exam CISM topic 1 question 79 discussion

Actual exam question from Isaca's CISM
Question #: 79
Topic #: 1

Which of the following is the MOST important consideration when selecting members for an information security steering committee?

  • A. Information security expertise
  • B. Tenure in the organization
  • C. Business expertise
  • D. Cross-functional composition
Suggested Answer: D

Comments

dark_3k03r
Highly Voted 1 year, 3 months ago
Selected Answer: D
The correct answer is D because an information security steering committee is composed of the following members:

  • The chief information security officer (CISO)
  • The chief information officer (CIO)
  • The chief operating officer (COO)
  • The chief financial officer (CFO)
  • The general counsel
  • Representatives from key business units
  • Representatives from key functional areas (i.e. human resources, IT, and legal)

and the only answer that has this is D.

Rationale:

  • A. Is limited to only one group
  • B. Doesn't have enough diversity
  • C. Tenure doesn't say anything about diversity
  • D. This is the correct answer since cross-functional composition is the practice of assembling a team with members from different functional areas or departments within an organization.
upvoted 8 times
...
1899f17
Most Recent 1 month, 1 week ago
C. Business expertise
upvoted 1 times
...
oluchecpoint
5 months, 1 week ago
Selected Answer: A
Without individuals with strong information security expertise on the committee, it may struggle to make informed decisions and effectively protect the organization's sensitive information and systems.
upvoted 1 times
...
Viperhunter
7 months, 3 weeks ago
Selected Answer: C
While information security expertise (Option A) is valuable, having members with business expertise is crucial for the success of an information security steering committee. Information security is not just a technical concern; it is also a business risk that needs to be aligned with overall organizational goals and strategies. Committee members with a strong understanding of the organization's business operations, priorities, and objectives can better integrate information security into the broader business context. Tenure in the organization (Option B) may bring institutional knowledge but does not necessarily guarantee the necessary expertise or alignment with business goals. Cross-functional composition (Option D) is important as it ensures diverse perspectives, but business expertise is still a critical factor for effective decision-making related to information security within the organization.
upvoted 1 times
...
oluchecpoint
10 months, 2 weeks ago
A. Information security expertise

While all the options listed are valuable qualities for committee members, information security expertise is the most critical factor when it comes to ensuring that the committee can effectively address and make decisions about security-related issues. Information security is a specialized field that requires a deep understanding of the evolving threat landscape, best practices, compliance requirements, and risk management strategies. Without individuals with strong information security expertise on the committee, it may struggle to make informed decisions and effectively protect the organization's sensitive information and systems. That said, a well-rounded committee should ideally also include members with business expertise (to align security initiatives with organizational goals), cross-functional composition (to represent various parts of the organization), and tenure in the organization (to provide historical context). However, these qualities should complement the primary criterion of information security expertise.
upvoted 1 times
...
Akam
11 months, 3 weeks ago
For me it's A. If you don't have knowledgeable information security personnel, then it doesn't matter who will be included in this committee.
upvoted 1 times
...
Nillanash
1 year ago
D-Cross functional composition will enable the steering committee to better represent the organization.
upvoted 2 times
...
richck102
1 year, 1 month ago
D. Cross-functional composition
upvoted 1 times
...
jaiz
1 year, 4 months ago
Selected Answer: D
D. Various stakeholders should be involved as committee members
upvoted 1 times
...
Antonivs
1 year, 5 months ago
Selected Answer: D
D, people from different areas is key
upvoted 2 times
...
Broesweelies
1 year, 6 months ago
Selected Answer: A
A. Information security expertise is the MOST important consideration when selecting members for an information security steering committee. The primary role of the information security steering committee is to provide oversight and guidance to ensure that the organization's information security goals are met. To do this effectively, the members of the committee should have a strong understanding of information security concepts, risks, and best practices. B, C, and D are also important considerations, as tenure in the organization can bring valuable institutional knowledge and experience, business expertise ensures that security decisions align with the organization's overall goals, and cross-functional composition ensures that different perspectives and concerns are considered. But the foremost important is the knowledge of information security.
upvoted 3 times
AlexJacobson
5 months, 3 weeks ago
No, it is not. Representation of various departments and business functions is the key when building a strong steering committee.
upvoted 1 times
...
...
MSKid
1 year, 8 months ago
Selected Answer: D
The committee needs to come from different organization staff from multiple business levels
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted