adherence to security policies. It is generally less expensive to administer due to the economies
of scale. However, turnaround can be slower due to the lack of alignment with business units.
Successful implementation of information security governance will FIRST require:
A. security awareness training.
B. updated security policies.
C. a computer incident management team.
D. a security architecture.
Updated security policies are required to align management objectives with security procedures;
management objectives translate into policy, policy translates into procedures. Security
procedures will necessitate specialized teams such as the computer incident response and
management group as well as specialized tools such as the security mechanisms that comprise
the security architecture. Security awareness will promote the policies, procedures and
appropriate use of the security mechanisms.
Which of the following individuals would be in the BEST position to sponsor the creation of an
information security steering group?
A. Information security manager
B. Chief operating officer (COO)
C. Internal auditor
D. Legal counsel
The chief operating officer (COO) is highly placed within an organization and has the most
knowledge of business operations and objectives. The chief internal auditor and chief legal
counsel are appropriate members of such a steering group. However, sponsoring the creation of
the steering committee should be initiated by someone versed in the strategy and direction of
the business. Since a security manager is looking to this group for direction, they are not in the
best position to oversee formation of this group.
D. geographic coverage.