In order to highlight to management, the importance of integrating information security in the business processes, a newly hired information security officer should FIRST:
A. prepare a security budget.
B. conduct a risk assessment.
C. develop an information security policy.
D. obtain benchmarking information.
Explanation:
Risk assessment, evaluation and impact analysis will be the starting point for driving managements attention to information security. All other choices will follow the risk assessment.