Ace the 2025 Certified Governance Risk & Compliance (CGRC) Challenge – Navigate the Governance Maze with Confidence!

The correct choice is the one that indicates the governance body that provides management, operational, and technical controls to satisfy security requirements. Senior management plays a crucial role in establishing the organization’s security framework and overall governance structure. They are responsible for ensuring that adequate resources are allocated to implement security measures, defining the organization's risk tolerance, and ensuring that policies align with the organization’s goals.

Senior management sets the tone for the security culture within the organization by promoting the importance of compliance and risk management. They are accountable for creating a conducive environment for cybersecurity initiatives, which is essential for safeguarding organizational assets from threats. Their involvement is critical in translating security requirements into actionable strategies and practices across all levels of the organization.

The other options represent different roles in security governance but do not encompass the broad mandate that senior management has. For instance, while a Chief Information Security Officer focuses specifically on security strategy and incident response, their role is typically supported and guided by senior management's strategic directives. Similarly, an Information Security Steering Committee may provide oversight and direction but is usually a component of the broader management structure rather than the ultimate decision-making authority. A Business Unit Manager may have operational control within their specific unit but lacks the comprehensive oversight needed to ensure that enterprise-wide security requirements are met.