An information security manager has been asked to create a strategy to protect the organization’s information from a variety of threat vectors. Which of the following should be done FIRST?
A. Perform a threat modeling exercise
B. Develop a risk profile
C. Design risk management processes
D. Select a governance framework
A. Perform a threat modeling exercise
B. Develop a risk profile
C. Design risk management processes
D. Select a governance framework