Which of the following would be MOST useful in a report to senior management for evaluating changes in the organization’s information security risk position?

A. Risk register
B. Trend analysis
C. Industry benchmarks
D. Management action plan