Which of the following processes is the FIRST step in establishing an information security policy?
A. Security controls evaluation
B. Business risk assessment
C. Review of current global standards
D. Information security audit
A. Security controls evaluation
B. Business risk assessment
C. Review of current global standards
D. Information security audit