Question 85:
The FIRST step in developing an information security management program is to:
Answer options:
A. identify business risks that affect the organization. B. clarify organizational purpose for creating the program. C. assign responsibility for the program. D. assess adequacy of controls to mitigate business risks.