Senior management commitment and support for information security can BEST be enhanced
through:

A.
a formal security policy sponsored by the chief executive officer (CEO).

B.
regular security awareness training for employees.

C.
periodic review of alignment with business management goals.

D.
senior management signoff on the information security strategy.

Explanation:

Ensuring that security activities continue to be aligned and support business goals is critical to
obtaining their support. Although having the chief executive officer (CEO) signoff on the security
policy and senior management signoff on the security strategy makes for good visibility and
demonstrates good tone at the top, it is a one-time discrete event that may be quickly forgotten by
senior management. Security awareness training for employees will not have as much effect on
senior management commitment.