Establishing a dedicated committee to oversee the development and enforcement of information security policies, standards, and procedures is unnecessary if the organization already has a skilled IT department.
The correct answer is that this statement is false. Even with a skilled IT department, establishing a dedicated committee for overseeing information security is important because it ensures that there is specialized focus and governance over security matters that may be outside the everyday functions of the IT department. Committees bring together multiple stakeholders and perspectives, ensuring a broader and more complete oversight of the security program. Additionally, committees may include members not part of the IT department, such as legal, HR, and executive leadership, who can provide essential insight and decision-making capabilities that are crucial for effective security governance.