Answer:
The answer is A. True
Step-by-step explanation:
It is the responsibility of management to be aware of the current and potential threats that the organization is facing or prone to face in the nearest future. The threats could be focused on data integrity, valuable information, applications, or human personnel.
Hence, to make adequate decisions on information security, the management must take an assessment of the current situation of the organization and make plans towards securing the organization.