What is the MAIN risk when there is no user management representation on the Information
Security Steering Committee?

A.
Functional requirements are not adequately considered.

B.
User training programs may be inadequate.

C.
Budgets allocated to business units are not appropriate.

D.
Information security plans are not aligned with business requirements

Explanation:

The steering committee controls the execution of the information security strategy, according to
the needs of the organization, and decides on the project prioritization and the execution plan.
User management is an important group that should be represented to ensure that the information

security plans are aligned with the business needs. Functional requirements and user training
programs are considered to be part of the projects but are not the main risks. The steering
committee does not approve budgets for business units.