Which of the following MOST commonly falls within the scope of an information security governance steering
committee?

A.
Interviewing candidates for information security specialist positions

B.
Developing content for security awareness programs

C.
Prioritizing information security initiatives

D.
Approving access to critical financial systems

Explanation:

Prioritizing information security initiatives is the only appropriate item. The interviewing of specialists should be performed by the information security manager, while the developing of program content should be performed by the information security staff. Approving access to critical financial systems is the responsibility of individual system data owners.