Following a highly sensitive data breach at a large company, all servers and workstations were patched. The information security manager’s NEXT step should be to:

A. inform senior management of changes in risk metrics.
B. perform an assessment to measure the current state.
C. deliver security awareness training.
D. ensure baseline back-ups are performed.