Which of the following will BEST ensure that management takes ownership of the decision making process for information security?

A. Security policies and procedures

B. Annual self-assessment by management

C. Security-steering committees

D. Security awareness campaigns

Explanation:

Security steering committees provide a forum for management to express its opinion and take ownership in the decision making process. Security awareness campaigns, security policies and procedures, and self- assessment exercises are all good but do not exemplify the taking of ownership by management.