Which of the following is true of the Committee of Sponsoring Organizations (COSO) 2013 framework?

a. It provides best practice recommendations oninformation security management for use by thoseresponsible for initiating, implementing, or maintaininginformation security management systems.
b. It provides guidance on enterprise risk management, internal control, and fraud deterrence.
c. It provides a proven and practical framework for planning and delivering information technology-related services.
d. It provides a catalog of security and privacy controls for federal information systems and organizations and a process for selecting controls to protect organizational operations.

b. It provides guidance on enterprise risk management, internal control, and fraud deterrence.
The Committee of Sponsoring Organizations (COSO) 2013 frameworkprovides guidance on enterprise risk management, internal control, and fraud deterrence. It is designed to improve organizational performance and governance and reduce the extent of fraud in organizations.