Which of the following should be the information security manager’s NEXT step following senior management approval of the information security strategy?

A. Develop a security policy.
B. Develop a budget.
C. Perform a gap analysis.
D. Form a steering committee.