The Information Security Governance program MUST:

 Integration with Governance Processes:

Information Security Governance must align with other governance processes to ensure consistency and support organizational objectives.

Integration enhances decision-making, resource allocation, and compliance.

 Why This is Correct:

It ensures security governance is not siloed but works cohesively with financial, operational, and IT governance.

 Why Other Options Are Incorrect:

B. Support BYOD: BYOD is a policy decision, not a governance requirement.

C. Integrate with other processes: This is repetitive and adds no new value to Option A.

D. Show ROI: While valuable, ROI is not a mandatory objective of governance.

 References:

EC-Council defines the integration of security governance with organizational governance processes as a critical best practice for a successful program.