Which statement best describes Domain 1 Governance?

Prepare for the Internal Auditing Standards and Practices - Cybersecurity Test. Gain confidence with multiple choice questions and clear explanations. Ace your exam!

Explanation:
Governance in cybersecurity sets the direction and oversight for the entire program. It focuses on how leadership guides strategy, assigns accountability, and ensures the organization has the right policies, resources, and oversight to meet regulatory and business objectives. The statement describing governance includes board oversight, alignment of security with strategy, defined roles and responsibilities, established policies, appropriate resource allocation, and regulatory oversight. Each element reinforces accountability and ensures the cybersecurity activities support the organization’s goals while staying compliant with laws and standards.

Other options describe activities that belong to other areas: identifying assets and assessing threats or risks is part of risk management and asset management, not governance; performing penetration testing is a technical security activity; offering breach guarantees is not a governance function and isn’t a standard practice in cybersecurity governance.
