Best Individual to Sponsor Information Security Steering Group

B.

The chief operating officer (COO) is highly-placed within an organization and has the most knowledge of business operations and objectives.

The chief internal auditor and chief legal counsel are appropriate members of such a steering group.

However, sponsoring the creation of the steering committee should be initiated by someone versed in the strategy and direction of the business.

Since a security manager is looking to this group for direction, they are not in the best position to oversee formation of this group.

An information security steering group is typically responsible for providing guidance and oversight on information security-related matters. The group may be comprised of representatives from various areas of the organization, including IT, legal, HR, and business units.

The most appropriate individual to sponsor the creation of an information security steering group would be someone who has the authority and influence to ensure its success. Based on the options provided, the Chief Operating Officer (COO) would be in the best position to sponsor the creation of an information security steering group.

The COO is a high-level executive responsible for overseeing the day-to-day operations of the organization. They typically have a broad understanding of the organization's goals and objectives and can provide the necessary resources to support the creation and ongoing operations of an information security steering group. Additionally, the COO is responsible for managing risk and ensuring compliance with applicable laws and regulations, making them an ideal sponsor for an information security steering group.

While the Information Security Manager may have the expertise in information security matters, they may not have the necessary organizational authority to create a steering group. The Internal Auditor's role is to provide independent assessments of the organization's activities and controls and may not have the authority to create a steering group. The Legal Counsel may provide legal advice on information security matters, but their focus may not be on the operational aspects of creating and managing an information security steering group.

In summary, the COO would be the best individual to sponsor the creation of an information security steering group due to their broad understanding of the organization's goals and objectives, ability to allocate resources, and responsibility for managing risk and ensuring compliance with applicable laws and regulations.