With a focus on the review and approval aspects of board responsibilities, the Data Governance Council recommends that the boards provide strategic oversight regarding information and information security, include these four things:

A. Metrics tracking security milestones, understanding criticality of information and information security, visibility into the types of information and how it is used, endorsement by the board of directors

B. Annual security training for all employees, continual budget reviews, endorsement of     the development and implementation of a security program, metrics to track the program

C. Understanding criticality of information and information security, review investment in information security, endorse development and implementation of a security program, and require regular reports on adequacy and effectiveness

D. Endorsement by the board of directors for security program, metrics of security program milestones, annual budget review, report on integration and acceptance of program








 

Suggested Answer: C



Reference:
https://nanopdf.com/download/information-security-governance-guidance-for-boards-of_pdf

(9)


This question is in 712-50 EC-Council Certified CISO (CCISO) Exam
For getting EC-Council Certified CISO (CCISO) Certificate




Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by EC-Council.
Trademarks, certification & product names are used for reference only and belong to EC-Council.
The website does not contain actual questions and answers from EC-Council's Certification Exam.