Demonstrating Alignment Between Information Security Governance and Corporate Governance

B.

The correct answer is B. Security project justifications provided in terms of business value.

Information security governance refers to the processes and structures that ensure that an organization's information security strategy aligns with its overall business objectives. Corporate governance, on the other hand, is concerned with the overall management and direction of an organization, including its strategic goals and objectives.

Alignment between information security governance and corporate governance means that the organization's information security strategy is directly linked to its business objectives and is consistent with the overall direction and management of the organization. This ensures that information security risks are managed in a way that supports the organization's business goals.

Out of the options given, B is the best demonstration of alignment between information security governance and corporate governance. This is because providing security project justifications in terms of business value shows that the organization's information security initiatives are aligned with its overall business objectives. This demonstrates that the organization is taking a risk-based approach to information security and is investing in security projects that support the organization's strategic goals and objectives.

The other options, A, C, and D, do not necessarily demonstrate alignment between information security governance and corporate governance. While they may be important metrics to track for information security purposes, they do not directly relate to the organization's overall business objectives and may not be the best indicators of alignment between information security governance and corporate governance.

In conclusion, the best way to demonstrate alignment between information security governance and corporate governance is to provide security project justifications in terms of business value.