A security manager has created a risk program.
Which of the following is a critical part of ensuring the program is successful?
A . Ensuring developers include risk control comments in code
B . Creating risk assessment templates based on specific threats
C . Providing a risk program governance structure
D . Allowing for the acceptance of risk for regulatory compliance requirements
Answer: C