Which of the following will BEST ensure that management takes ownership of the decision making process for
information security?
A.
Security policies and procedures
B.
Annual self-assessment by management
C.
Security-steering committees
D.
Security awareness campaigns
Explanation:
Security steering committees provide a forum for management to express its opinion and take ownership in the decision making process. Security awareness campaigns, security policies and procedures, and selfassessment exercises are all good but do not exemplify the taking of ownership by management.