To BEST improve the alignment of the information security objectives in an organization, the chief

information security officer (CISO) should:

A.
revise the information security program.

B.
evaluate a balanced business scorecard.

C.
conduct regular user awareness sessions.

D.
perform penetration tests.

Explanation:

The balanced business scorecard can track the effectiveness of how an organization executes it
information security strategy and determine areas of improvement. Revising the information
security program may be a solution, but is not the best solution to improve alignment of the
information security objectives. User awareness is just one of the areas the organization must
track through the balanced business scorecard. Performing penetration tests does not affect
alignment with information security objectives.