Which TWO of the following are key components of an information security governance framework? (Choose two.)
Foundational elements of governance frameworks.
Why this answer
Security policy and standards are foundational components of an information security governance framework because they establish the high-level direction, principles, and mandatory requirements that guide the organization's security posture. The risk management process is equally critical as it provides a structured methodology for identifying, assessing, and treating risks, ensuring that security decisions are aligned with business objectives and risk appetite. Together, they form the strategic and operational backbone of governance, enabling accountability and continuous improvement.