ISACA Exam Questions

While implementing information security governance, an organization should FIRST:

A. adopt security standards.

B. determine security baselines.

C. define the security strategy.

D. establish security policies.

Explanation:

The first step in implementing information security governance is to define the security strategy,
based on which security baselines are determined. Adopting suitable security standards,
performing risk assessment and implementing security policy are steps that follow the definition of
the security strategy.