Question #751Which of the following MUST be defined in order for an information security manager to evaluate the appropriateness of controls currently in place?
选项：

A:Security policy
B:Risk management framework
C:Security standards
D:Risk appetite