Question #32Which of the following is the BEST way for an organization to determine the maturity level of its information security program?
选项：

A:Review the results of information security awareness testing.
B:Validate the effectiveness of implemented security controls.
C:Benchmark the information security policy against industry standards.
D:Track the trending of information security incidents.