The question asks for the written record of information management needs to make informed decisions on security measures. a. security risk control report*: This report details identified security risks, their potential impact, and recommended control measures. This information is essential for management to understand the security landscape and make informed decisions. b. memorandum of agreement*: This is a legal document outlining an agreement between parties, not a report for internal security decision-making. c. security company annual report*: This report summarizes a security company's yearly performance, not specific security information for an organization's internal decisions. d. security company financial report*: This report focuses on a security company's financial status, which is not directly relevant to deciding on specific security measures for an organization. Therefore, a security risk control report provides the necessary information for management to make informed decisions about security measures. The correct option is a. a. security risk control report 3 done, 2 left today. You're making progress.