Which of the following BEST explains why an organization with a highly skilled IT department should STILL establish an information security steering committee?
It provides cross-functional oversight that aligns security objectives with business strategy and regulatory obligations beyond daily IT operations.
It restricts input from non-technical stakeholders to prevent delays caused by business considerations.
It allows IT personnel to make all security decisions without executive involvement, speeding technical implementation.
It eliminates the need for separate risk assessments because skilled IT staff can handle all security risks alone.
A security steering committee provides cross-functional governance that aligns security policy, risk management, and regulatory requirements with overall business objectives. Unlike an IT department that focuses on day-to-day technical operations, the committee brings together executives, legal, HR, and other stakeholders to set strategy, allocate resources, and resolve enterprise-wide security issues. The other options incorrectly assert that the committee removes executive oversight, eliminates risk-management needs, or limits business input-none of which are goals of effective governance.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is it important to have a dedicated committee for information security?
Open an interactive chat with Bash
What roles should members of the information security committee have?
Open an interactive chat with Bash
What are the risks of not having a dedicated information security committee?