Which of the following would be the first step in establishing an information security program?
A.
Adoption of a corporate information security policy statement
B.
Development and implementation of an information security standards manual
C.
Development of a security awareness-training program
D.
Purchase of security access control software