What are two important approaches to communicate when identifying a customer’s security risks? (Choose two.)
A.
Smaller companies are at less risk than larger enterprises, so their security needs are not as great.
B.
Business strategy should directly relate to the security policy and budget.
C.
The designated security expert should report to the IT department, since that is where the solution will be implemented.
D.
Security should be a continuous process.
E.
Security solutions should come from multiple vendors to make it easier to coordinate security events from the point of origin.