Which of the following BEST explains why an organization with a highly skilled IT department should STILL establish an information security steering committee?
It provides cross-functional oversight that aligns security objectives with business strategy and regulatory obligations beyond daily IT operations.
It eliminates the need for separate risk assessments because skilled IT staff can handle all security risks alone.
It restricts input from non-technical stakeholders to prevent delays caused by business considerations.
It allows IT personnel to make all security decisions without executive involvement, speeding technical implementation.
A security steering committee provides cross-functional governance that aligns security policy, risk management, and regulatory requirements with overall business objectives. Unlike an IT department that focuses on day-to-day technical operations, the committee brings together executives, legal, HR, and other stakeholders to set strategy, allocate resources, and resolve enterprise-wide security issues. The other options incorrectly assert that the committee removes executive oversight, eliminates risk-management needs, or limits business input-none of which are goals of effective governance.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is cross-functional oversight important in an information security steering committee?
Open an interactive chat with Bash
What is the role of non-technical stakeholders in an information security steering committee?
Open an interactive chat with Bash
How does an information security steering committee differ from the IT department?