In order to highlight to management the importance of network security, the security manager should FIRST:
A.
develop a security architecture.
B.
install a network intrusion detection system (NIDS) and prepare a list of attacks.
C.
develop a network security policy.
D.
conduct a risk assessment.
Explanation:
A risk assessment would be most helpful to management in understanding at a very high level the threats, probabilities and existing controls. Developing a security architecture, installing a network intrusion detection system (NIDS) and preparing a list of attacks on the network and developing a network security policy would not be as effective in highlighting the importance to management and would follow only after performing a risk assessment.