Senior management has the primary responsibility to ensure that security objectives are aligned with organizational goals. Senior management is the highest level of authority and decision-making in an organization, and it sets the vision, mission, strategy, and objectives for the organization. Senior management is also responsible for establishing the security governance framework, which defines the roles, responsibilities, policies, standards, and procedures for security management. Senior management should ensure that the security function supports and enables the organizational goals, and that the security objectives are consistent, measurable, and achievable. Senior management should also provide adequate resources, guidance, and oversight for the security function, and communicate the security expectations and requirements to all stakeholders. The information security department, the audit committee, and all users have some roles and responsibilities in ensuring that security objectives are aligned with organizational goals, but they are not the primary ones. The information security department is responsible for implementing, maintaining, and monitoring the security controls and processes, and reporting on the security performance and incidents. The audit committee is responsible for reviewing and verifying the effectiveness and compliance of the security controls and processes, and providing recommendations for improvement. All users are responsible for following the security policies and procedures, and reporting any security issues or violations.