Which of the following is MOST helpful for aligning security operations with the IT governance framework?

A. Information security policy
B. Security risk assessment
C. Security operations program
D. Business impact analysis (BIA)