An information security manager is concerned that executive management does not support information security initiatives. Which of the following is the BEST way to address this situation?
A. Report the risk and status of the information security program to the board
B. Revise the information security strategy to meet executive management’s expectations
C. Escalate noncompliance concerns to the internal audit manager
D. Demonstrate alignment of the information security function with business needs
A. Report the risk and status of the information security program to the board
B. Revise the information security strategy to meet executive management’s expectations
C. Escalate noncompliance concerns to the internal audit manager
D. Demonstrate alignment of the information security function with business needs