What is the BEST first step for determining if the appropriate security controls are in place for
protecting data at rest?

A.
Identify regulatory requirements

B.
Conduct a risk assessment

C.
Determine business drivers

D.
Review the security baseline configuration

Explanation: