Committees established at the board level are also known as board or governance committees. Which of the following is least likely to be established at the board level? (Wentz QOTD)
A. Audit committee
B. Governance committee
C. Compensation committee
D. Business continuity steering committee

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. Business continuity steering committee.

The business continuity steering committee (BCSC) is typically lead by senior management or board member. However, the BCSC is not a common standing committee established at the board level. Instead, it’s more common that the BCSC is set up at the executive management level.

It is imperative for the governance of the BC programme that a Business Continuity Steering Committee (BCSC) is appointed…

This group comprises the most senior managers from the organisation and each key department must be represented. The BCSC should be lead by the senior manager with responsibility for BCM. NIST 800-34 suggests that this might be the Chief Information Officer. BS 25999-1 states that the responsibility for BCM should be assigned to the owner, a board director or elected representative.

The Business Continuity Steering Committee are tasked with making strategic recovery and continuity planning decisions for the organisation and will sign off on each stage of the programme. Unlike the usual project management steering committee, which is disbanded on completion of the project, this committee is permanent [TR 19:2005].

The BCSC should meet regularly at suitable intervals during and after the implementation programme. It is likely that the meeting interval would lengthen once the BC programme has been completed. Suggested meeting frequencies are monthly during the implementation phase of the programme and quarterly once the BCP has been delivered and BCM is part of everyday organisational management.

Source: ENISA

Reference

• The Structure of Board Committees
• What is The Role of the Executive Committee?
• What is the Governance Committee and What Does It Do?
• Business Continuity Steering Committee
• Fubon Functional Committees

A BLUEPRINT FOR YOUR SUCCESS IN CISSP

My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.

• It is available on Amazon.
• Readers from countries or regions not supported by Amazon can get your copy from the author’s web site.

建立在董事會層級的委員會也稱為董事會或治理委員會。 以下哪一項最不可能建立在董事會層級？ (Wentz QOTD)
A. 審計委員會
B. 治理委員會
C. 薪酬委員會
D. 業務持續指導委員會