Which option best describes the role of governance frameworks in security management?

Governance frameworks provide formal, structured guidance that shapes how security planning is done and how daily security operations are managed. They establish policies, standards, procedures, and clear roles and escalation paths, so security activities align with business goals, risk tolerance, and regulatory requirements. This structure supports repeatable, auditable processes for risk assessment, control implementation, monitoring, and continuous improvement, rather than leaving security to ad hoc or reactive actions. By creating a common language and decision rights across the organization, governance frameworks help ensure consistent, well-supported security decisions and resource prioritization. Examples like ISO 27001, NIST CSF, and COBIT illustrate how these frameworks organize governance, oversight, and accountability to maintain security posture.