The FIRST step in establishing a security governance program is to:
A . conduct a risk assessment.
B . conduct a workshop for all end users.
C . prepare a security budget.
D . obtain high-level sponsorship.
Answer: D
Explanation:
The establishment of a security governance program is possible only with the support and sponsorship of top management since security governance projects are enterprise wide and integrated into business processes. Conducting a risk assessment, conducting a workshop for all end users and preparing a security budget all follow once high-level sponsorship is obtained.