Security Governance Bodies for Satisfying Security Requirements | CAP Exam Answer

Question

Which of the following governance bodies provides management, operational, and technical controls to satisfy security requirements?

Answers

Explanations

B.

The governance body that provides management, operational, and technical controls to satisfy security requirements is the Information Security Steering Committee (ISSC). The ISSC is a group of individuals who are responsible for overseeing the security of an organization's information systems and ensuring that they comply with relevant policies, laws, and regulations.

The ISSC typically includes representatives from different departments, such as IT, legal, compliance, and risk management. The committee is responsible for developing and implementing policies and procedures related to information security, as well as monitoring and assessing the effectiveness of those policies and procedures.

The Chief Information Security Officer (CISO) is a senior-level executive who is responsible for overseeing the organization's overall information security strategy and program. The CISO is a member of the ISSC and provides guidance and expertise to the committee.

Senior management is responsible for setting the strategic direction of the organization and ensuring that it achieves its objectives. While they may provide oversight and guidance to the ISSC, they typically do not have direct involvement in the day-to-day operations of the committee.

Business unit managers are responsible for managing specific departments or business units within the organization. While they may have input into the information security program, they do not typically have the authority to establish or enforce security policies and procedures.

In summary, the ISSC is the governance body that provides management, operational, and technical controls to satisfy security requirements. While the CISO, senior management, and business unit managers may have roles to play in information security, the ISSC is responsible for overall oversight and coordination of the organization's information security program.