What are two important approaches to communicate when identifying a customer’s security risks? (Choose two.)
A.
Business strategy should directly relate to the security policy and budget.
B.
Security solutions should come from multiple vendors to make it easier to coordinate security events from the point of origin.
C.
Smaller companies are at less risk than larger enterprises, so their security needs are not as great.
D.
The designated security expert should report to the IT department, since that is where the solution will be implemented.
E.
Security should be a continuous process.