In order to highlight to management the importance of integrating information security in the
business processes, a newly hired information security officer should FIRST:
A.
prepare a security budget.
B.
conduct a risk assessment.
C.
develop an information security policy.
D.
obtain benchmarking information.
Explanation:
Risk assessment, evaluation and impact analysis will be the starting point for driving
management’s attention to information security. All other choices will follow the risk assessment.