Which of the following is MOST critical for an effective information security governance framework? 

Answer options:

A. Board members are committed to the information security program.
B. Information security policies are reviewed on a regular basis.
C. The information security program is continually monitored.
D. The CIO is accountable for the information security program.

A