While implementing information security governance an organization should FIRST:

A.
adopt security standards.

B.
determine security baselines.

C.
define the security strategy.

D.
establish security policies.

Explanation:

The first step in implementing information security governance is to define the security strategy based on which security baselines are determined. Adopting suitable security- standards, performing risk assessment and implementing security policy are steps that follow the definition of the security strategy.