The initial step in establishing an information security program is the:
A、development and implementation of an information security standards manual.
B、performance of a comprehensive security control review by the IS auditor.
C、adoption of a corporate information security policy statement.
D、purchase of security access control software.