A business recently acquired a software company. The software company's security posture is unknown.
However, based on an initial assessment, there are limited security controls. No significant security monitoring exists. Which of the following is the NEXT step that should be completed to obtain information about the software company's security posture?
A. Develop an asset inventory to determine the systems within the software company.
B. Review relevant network drawings, diagrams, and documentation.
C. Perform penetration tests against the software company's internal and external networks.
D. Baseline the software company's network to determine the ports and protocols in use.
However, based on an initial assessment, there are limited security controls. No significant security monitoring exists. Which of the following is the NEXT step that should be completed to obtain information about the software company's security posture?
A. Develop an asset inventory to determine the systems within the software company.
B. Review relevant network drawings, diagrams, and documentation.
C. Perform penetration tests against the software company's internal and external networks.
D. Baseline the software company's network to determine the ports and protocols in use.