The FIRST step in establishing an information security program is to:
A. secure organizational commitment and support
B. assess the organization’s compliance with regulatory requirements
C. determine the level of risk that is acceptable to senior management
D. define policies and standards that mitigate the organization’s risks
A. secure organizational commitment and support
B. assess the organization’s compliance with regulatory requirements
C. determine the level of risk that is acceptable to senior management
D. define policies and standards that mitigate the organization’s risks