Which of the following should be the PRIMARY objective of an information security governance framework?
A . Increase the organization’s return on security investment.
B . Provide a baseline for optimizing the security profile of the organization.
C . Ensure that users comply with the organization’s information security policies.
D . Demonstrate compliance with industry best practices to external stakeholders.
Answer: B