Who can BEST approve plans to implement an information security governance framework?

A.
Internal auditor

B.
Information security management

C.
Steering committee

D.
Infrastructure management

Explanation:

Senior management that is part of the security steering committee is in the best position to

approve plans to implement an information security governance framework. An internal auditor is
secondary’ to the authority and influence of senior management. Information security management
should not have the authority to approve the security governance framework. Infrastructure
management will not be in the best position since it focuses more on the technologies than on the
business.