Which of the following should be the PRIMARY objective of an information security governance framework?
A. Increase the organization’s return on security investment.
B. Provide a baseline for optimizing the security profile of the organization.
C. Ensure that users comply with the organization’s information security policies.
D. Demonstrate compliance with industry best practices to external stakeholders.
A. Increase the organization’s return on security investment.
B. Provide a baseline for optimizing the security profile of the organization.
C. Ensure that users comply with the organization’s information security policies.
D. Demonstrate compliance with industry best practices to external stakeholders.