Which of the following steps is the initial step in developing an information security strategy?

Which of the following steps is the initial step in developing an information security strategy?

A.
Perform a technical vulnerabilities assessment.

B.
Assess the current levels of security awareness.

C.
Perform a business impact analysis.

D.
Analyze the current business strategy.