Which of the following should be the FIRST step to ensure an information security program meets the requirements of new regulations?
A. Validate the asset classification schema.
B. Integrate compliance into the risk management process.
C. Assess organizational security controls.
D. Conduct a gap analysis to determine necessary changes.
A. Validate the asset classification schema.
B. Integrate compliance into the risk management process.
C. Assess organizational security controls.
D. Conduct a gap analysis to determine necessary changes.