In implementing information security governance, the information security manager is PRIMARILY

responsible for:

A.
developing the security strategy.

B.
reviewing the security strategy.

C.
communicating the security strategy.

D.
approving the security strategy

Explanation:

The information security manager is responsible for developing a security strategy based on
business objectives with the help of business process owners. Reviewing the security strategy is
the responsibility of a steering committee. The information security manager is not necessarily
responsible for communicating or approving the security strategy.