Which of the following BEST enables an information security manager to determine the comprehensiveness of an organization’s information security strategy?
A. Business impact analysis
B. Organizational risk appetite
C. Independent security audit
D. Security risk assessment
A. Business impact analysis
B. Organizational risk appetite
C. Independent security audit
D. Security risk assessment