Effective CISSP Questions

Committees established at the board level are also known as board or governance committees. Which of the following is least likely to be established at the board level? (Wentz QOTD)
A. Audit committee
B. Governance committee
C. Compensation committee
D. Business continuity steering committee

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. Business continuity steering committee.

The business continuity steering committee (BCSC) is typically led by senior management or a board member. However, the BCSC is not a common standing committee established at the board level. Instead, it’s more common that the BCSC is set up at the executive management level.

It is imperative for the governance of the BC programme that a Business Continuity Steering Committee (BCSC) is appointed…

This group comprises the most senior managers from the organisation and each key department must be represented. The BCSC should be led by the senior manager with responsibility for BCM. NIST 800-34 suggests that this might be the Chief Information Officer. BS 25999-1 states that the responsibility for BCM should be assigned to the owner, a board director or elected representative.

The Business Continuity Steering Committee are tasked with making strategic recovery and continuity planning decisions for the organisation and will sign off on each stage of the programme. Unlike the usual project management steering committee, which is disbanded on completion of the project, this committee is permanent [TR 19:2005].

The BCSC should meet regularly at suitable intervals during and after the implementation programme. It is likely that the meeting interval would lengthen once the BC programme has been completed. Suggested meeting frequencies are monthly during the implementation phase of the programme and quarterly once the BCP has been delivered and BCM is part of everyday organisational management.

Source: ENISA

Governance Structure
Common Board-level Committees
Board Committees



My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.


1 thought on “CISSP PRACTICE QUESTIONS – 20210521
