A new information security manager is charged with reviewing and revising the information security strategy. The information security manager’s FIRST course of action should be to gain an understanding of the organization’s:

A. security architecture
B. risk register
C. internal control framework
D. business strategy