Which three elements should an enterprise security policy specify? (Choose three.)
A.
risks and how to manage the risks
B.
network inventory
C.
user roles and responsibilities
D.
software versions of the security products
E.
contingency plan in case of compromise
F.
funds allocated to security projects