Which of the following should be the PRIMARY input when defining the desired state of security within an organization?
A. Acceptable risk level
B. Annual loss expectancy
C. External audit results
D. Level of business impact
A. Acceptable risk level
B. Annual loss expectancy
C. External audit results
D. Level of business impact