Of the following, who should the security manager consult FIRST when determining the severity level of a security incident involving a third-party vendor?
A. IT process owners
B. Business partners
C. Risk manager
D. Business process owners
A. IT process owners
B. Business partners
C. Risk manager
D. Business process owners