The PRIMARY objective for information security program development should be:
A . Reducing the impact of the risk to the business.
B . Establishing incident response programs.
C . Establishing strategic alignment with business continuity requirements.
D . Identifying and implementing the best security solutions.
Answer: A