Which of the following is the BEST indication that information security is integrated into corporate governance? 

Answer options:

A. New vulnerabilities are reported directly to the security manager.
B. Significant incidents are escalated to executive management.
C. Security policy documents are reviewed periodically.
D. Administrative staff is trained on current information security topics.

D