Which of the following should be reviewed FIRST when assessing the effectiveness of an organization’s network security procedures and controls?

A. Data recovery capability
B. Inventory of authorized devices
C. Vulnerability remediation
D. Malware defenses