The FIRST step in establishing a security governance program is to:
A.
conduct a risk assessment.
B.
conduct a workshop for all end users.
C.
prepare a security budget.
D.
obtain high-level sponsorship.
Explanation:
The establishment of a security governance program is possible only with the support and
sponsorship of top management since security governance projects are enterprise wide and
integrated into business processes. Conducting a risk assessment, conducting a workshop for all
end users and preparing a security budget all follow once high-level sponsorship is obtained.