Which of the following should be the PRIMARY basis for planning and prioritizing IT infrastructure security audits?
A. Asset value to the organization
B. Management requests
C. The organization’s risk appetite
D. Security best practice
A. Asset value to the organization
B. Management requests
C. The organization’s risk appetite
D. Security best practice