Governance Bodies for Information Security Program Implementation | Exam CAP

Which Governance Body Directs and Coordinates Information Security Program Implementation?

Question

Which of the following governance bodies directs and coordinates implementation of the information security program?

Answers

Correct answer: D. Information Security Steering Committee

Explanations

The governance body that directs and coordinates implementation of the information security program is the Information Security Steering Committee. This committee is typically composed of senior executives from various departments within the organization and is responsible for ensuring that the information security program aligns with business objectives and priorities.

The Information Security Steering Committee typically sets the overall direction for the organization's information security program, including defining the scope, goals, and objectives of the program. The committee is also responsible for establishing policies and standards for information security and for overseeing the implementation of those policies and standards across the organization.

Senior Management is another governance body that plays a critical role in the implementation of the information security program. Senior management is responsible for providing the necessary resources and support for the information security program, including budget, personnel, and technology. Senior management is also responsible for ensuring that the information security program is integrated into the organization's overall risk management framework.

Business Unit Managers may also play a role in the implementation of the information security program, particularly when it comes to ensuring that security controls are effectively integrated into specific business processes and applications. However, their role is typically more focused on ensuring compliance with security policies and standards, rather than directing and coordinating the overall implementation of the information security program.

The Chief Information Security Officer (CISO) is typically responsible for overseeing the day-to-day operations of the information security program, including managing the implementation of security controls, monitoring for security incidents, and providing guidance and support to other members of the organization. While the CISO may be a member of, and often reports to, the Information Security Steering Committee, the CISO's role is focused on executing the direction the committee sets rather than on directing and coordinating the program as a whole.