A new security manager was hired to establish a vulnerability management program. The manager asked for a corporate strategic plan and risk register that the project management office developed. The manager conducted tools and skillsets inventory to document the plan. Which of the following is a critical task for the establishment of a successful program?
A. Establish continuous monitoring
B. Update vulnerability feed
C. Perform information classification
D. Establish corporate policy