The MAIN reason for having the Information Security Steering Committee review a new security controls
implementation plan is to ensure that:

A.
the plan aligns with the organization’s business plan.

B.
departmental budgets are allocated appropriately to pay for the plan.

C.
regulatory oversight requirements are met.

D.
the impact of the plan on the business units is reduced.

Explanation:

The steering committee controls the execution of the information security strategy according to the needs of the organization and decides on the project prioritization and the execution plan. The steering committee does not allocate department budgets for business units. While ensuring that regulatory oversight requirements are met could be a consideration, it is not the main reason for the review. Reducing the impact on the business units is a secondary concern but not the main reason for the review.