Which of the following is a key component of information security governance?

Establishing roles and responsibilities for information security is a fundamental component of information security governance because it ensures that there is clear accountability and oversight in protecting an organization's information assets. In an effective governance framework, defining who is responsible for what helps to align security efforts with business objectives, manage risk, and comply with legal and regulatory requirements.

When roles and responsibilities are clearly established, it enables organizations to implement policies, procedures, and controls that are tailored to their unique needs and risks. This clarity fosters a culture of security awareness and compliance within the organization, which is essential for safeguarding sensitive information.

The other options focus on specific aspects of security or operational efficiency. Enforcing software licenses pertains to compliance and legal considerations, optimizing network speed addresses performance rather than security, and installing antivirus software relates to implementing technical controls. While these actions are important, they do not encompass the broader strategic framework that is critical to effective information security governance.