The effectiveness of an information security governance framework will BEST be enhanced if: 

Answer options:

A. IS auditors are empowered to evaluate governance activities
B. risk management is built into operational and strategic activities
C. a culture of legal and regulatory compliance is promoted by management
D. consultants review the information security governance framework

D