In order to highlight to management the importance of network security, the security manager
should FIRST:
A.
develop a security architecture.
B.
install a network intrusion detection system (NIDS) and prepare a list of attacks.
C.
develop a network security policy.
D.
conduct a risk assessment.
Explanation:
A risk assessment would be most helpful to management in understanding at a very high level the
threats, probabilities and existing controls. Developing a security architecture, installing a network
intrusion detection system (NIDS) and preparing a list of attacks on the network and developing a
network security policy would not be as effective in highlighting the importance to management
and would follow only after performing a risk assessment.