Which of the following BEST demonstrates alignment between information security governance and corporate governance?

A. Average number of security incidents across business units
B. Security project justifications provided in terms of business value
C. Number of vulnerabilities identified for high-risk information assets
D. Mean time to resolution for enterprise-wide security incidents