A newly hired information security manager discovers that the cleanup of accounts for terminated employees happens only once a year. Which of the following should be the information security manager’s FIRST course of action?
A. Design and document a new process.
B. Update the security policy.
C. Perform a risk assessment.
D. Report the issue to senior management.
A. Design and document a new process.
B. Update the security policy.
C. Perform a risk assessment.
D. Report the issue to senior management.