The PRIMARY purpose of implementing information security governance metrics is to: 

Answer options:

A. measure alignment with best practices.
B. assess operational and program metrics.
C. refine control operations,
D. guide security towards the desired state.

D