The PRIMARY purpose of establishing an information security governance framework should be to: 

Answer options:

A. align information security strategy and investments to support organizational activities
B. align corporate governance, activities, and investments to information security goals
C. establish the business case for strategic integration of information security in organizational efforts
D. document and communicate how the information security program functions within the organization

A