After implementing an information security governance framework, which of the following would provide the BEST information to develop an information security project plan?

A. Risk heat map
B. Recent audit results
C. Balanced scorecard
D. Gap analysis