An information security manager is developing a business case for an investment in an information security control. The FIRST step should be to:
A. research vendor pricing to show cost efficiency
B. assess potential impact to the organization
C. demonstrate increased productivity of security staff
D. gain audit buy-in for the security control
A. research vendor pricing to show cost efficiency
B. assess potential impact to the organization
C. demonstrate increased productivity of security staff
D. gain audit buy-in for the security control