John is a security administrator for a large retail company. He wishes to address new threats, what is the most important step for him to take in addressing new threats?
A.
Performing a proper risk assessment
B.
Performing a vulnerability assessment
C.
Ensuring the firewall is properly configured
D.
Creating security policies for the new threat
Explanation:
A risk assessment is the most important first step. Without a proper risk assessment, it is impossible to properly perform any other security steps.