Supporting Information Security Governance | Exam Answer

Best Practices for Information Security Governance


Question

Which of the following BEST demonstrates that an organization supports information security governance?

Answers

A. Employees attend annual organization-wide security training.
B. Information security policies are readily available to employees.
C. The incident response plan is documented and tested regularly.
D. Information security steering committee meetings are held regularly.

Explanations

Correct answer: D.

All of the answer choices demonstrate some level of support for information security governance, but one option stands out as the BEST demonstration.

Option A: Employees attend annual organization-wide security training. This is a good practice to ensure that all employees are aware of the organization's information security policies and procedures, and can recognize potential security threats. However, attending training alone is not sufficient to demonstrate strong information security governance.

Option B: Information security policies are readily available to employees. This is another good practice, as employees should have access to the organization's policies and procedures related to information security. However, simply having policies available does not demonstrate that the organization actively supports information security governance.

Option C: The incident response plan is documented and tested regularly. This is also an important component of information security governance, as it demonstrates that the organization is prepared to respond to security incidents. Regular testing and updates to the incident response plan ensure that the organization can quickly and effectively address security threats. However, this alone is not enough to demonstrate overall support for information security governance.

Option D: Information security steering committee meetings are held regularly. This option is the BEST demonstration of support for information security governance. A steering committee is typically composed of senior leaders who are responsible for overseeing the organization's information security strategy and ensuring that it aligns with the overall business strategy. By holding regular meetings, the organization demonstrates a commitment to information security governance and ensures that the appropriate stakeholders are involved in decision-making processes related to information security.

In conclusion, while all of the answer choices demonstrate some level of support for information security governance, the BEST demonstration is option D: Information security steering committee meetings are held regularly.