The configuration management plan should PRIMARILY be based upon input from:
A. business process owners.
B. the information security manager.
C. the security steering committee.
D. IT senior management.
Explanation:
Although business process owners, an information security manager and the security steering committee may provide input regarding a configuration management plan, its final approval is the primary responsibility of IT senior management.