When considering whether to adopt a new information security framework, an organizations information security manager should FIRST:
A. compare the framework with the current business strategy
B. perform a technical feasibility analysis
C. perform a financial viability study
D. analyze the framework-s legal implications and business impact