Which of the following is the MOST appropriate board-level activity for information security governance?
A . Establish security and continuity ownership
B . Develop “what-if” scenarios on incidents
C . Establish measures for security baselines
D . Include security in job-performance appraisals
Answer: A