Which of the following is the MOST appropriate board-level activity for information security governance?
A. Establish security and continuity ownership
B. Develop -what-if- scenarios on incidents
C. Establish measures for security baselines
D. Include security in job-performance appraisals