Which of the following is the BEST way to determine if an information security program aligns with corporate governance? 

Answer options:

A. Evaluate funding for security initiatives
B. Survey end users about corporate governance
C. Review information security policies
D. Review the balanced scorecard

C

Explanation - One of the most important aspects of the action plan to execute the strategy is to create or modify, as needed, policies and standards. Policies are one of the primary elements of governance and each policy should state only one general security mandate. The road map should show the steps and the sequence, dependencies, and milestones.