Watch this video on YouTube
Which approach would be most helpful in aligning information security with organizational objectives?