It is important to develop an information security baseline because it helps to define:
A.
critical information resources needing protection.
B.
a security policy for the entire organization.
C.
the minimum acceptable security to be implemented.
D.
required physical and logical access controls.
Explanation:
Developing an information security baseline helps to define the minimum acceptable security that
will be implemented to protect the information resources in accordance with the respective
criticality levels. Before determining the security baseline, an information security manager must
establish the security policy, identify criticality levels of organization’s information resources and
assess the risk environment in which those resources operate.