Which of the following would be MOST useful when illustrating to senior management the status of a recently implemented information security governance framework? 

Answer options:

A. A risk assessment
B. A threat assessment
C. A maturity model
D. Periodic testing results

C