The effectiveness of an information security governance framework will BEST be enhanced if:
A . IS auditors are empowered to evaluate governance activities
B . risk management is built into operational and strategic activities
C . a culture of legal and regulatory compliance is promoted by management
D . consultants review the information security governance framework
Answer: D