You are the CISO for a global company. After studying the mission vision, strategic goals, the corporate strategy, and business and security requirements, you start to develop the information security strategy. Which of the following should you conduct first?
A. Determine the blueprint and milestones
B. Conduct gap analysis
C. Consider resources and constraints
D. Develop an information security program policy