Which of the following is the MOST important component of information security governance?
A. Approved Information security strategy
B. Documented information security policies
C. Comprehensive information security awareness program
D. Appropriate information security metrics
A –
“A goal of the security program is to continue to contribute toward fulfillment of the security strategy… Governance begins with the establishment of top-level strategic objectives that are translated into actions.” All in One CISM