The MOST basic requirement for an information security governance program is to:

A.
be aligned with the corporate business strategy.

B.
be based on a sound risk management approach.

C.
provide adequate regulatory compliance.

D.
provide best practices for security- initiatives.

Explanation:

To receive senior management support, an information security program should be aligned with
the corporate business strategy. Risk management is a requirement of an information security
program which should take into consideration the business strategy. Security governance is much
broader than just regulatory compliance. Best practice is an operational concern and does not
have a direct impact on a governance program.