Achieving security risk reduction in an organisation begins with developing what?
Achieving security risk reduction in an organisation begins with developing what?
Answer is A. Page 220, section 1.1.1 of DMBOK2
Data Security, pag 212. Section 1.1.1 Risk Reduction
A answer
as per DMBOK
I hesitated between A and C, and finally opted for C, because the question states "begins with". Before classifying data, I think the basis in risk reduction is to protect it with the basics: a firewall. I don't know if my reasoning is valid though.