When developing an information security governance framework, which of the following should be the FIRST activity?
A . Integrate security within the system’s development life-cycle process.
B . Align the information security program with the organization’s other risk and control activities.
C . Develop policies and procedures to support the framework.
D . Develop response measures to detect and ensure the closure of security breaches.
Answer: B