Which of the following is the BEST evidence that an organization's information security governance framework is effective?
A. Threats to the organization have diminished.
B. The risk register is reviewed annually.
C. The framework focuses primarily on technical controls.
D. The framework can adapt to organizational changes.
A. Threats to the organization have diminished.
B. The risk register is reviewed annually.
C. The framework focuses primarily on technical controls.
D. The framework can adapt to organizational changes.