Promoting IT Security: The First Step towards Strengthening the Enterprise's Data Protection

B.

Given the scenario, the FIRST high-level initiative for the newly created IT strategy committee to support the business goal of making IT security a key priority for the enterprise is to identify gaps in information asset protection.

Option A, modernizing internal IT security practices, assumes that there are existing security practices in place, but they are outdated. However, the scenario implies that IT security has not been a priority, which suggests that there may not be any formal security practices in place to modernize.

Option C, recruiting and training qualified IT security staff, is also a valid initiative, but it may not be the first priority. Before hiring new staff, it is important to identify the gaps in information asset protection, which will inform what type of security expertise is needed and in what areas.

Option D, defining data archiving and retrieval policies, is a tactical initiative that may come later in the process. Before defining specific policies, it is important to have a clear understanding of the risks to the organization's information assets and the security measures needed to mitigate those risks.

Identifying gaps in information asset protection should be the FIRST high-level initiative for the IT strategy committee because it provides a comprehensive understanding of the current state of IT security in the organization. This initiative involves conducting a thorough assessment of the organization's IT infrastructure, identifying potential vulnerabilities, and determining the appropriate security controls and processes needed to protect the organization's information assets. The results of this assessment will inform the development of a comprehensive IT security strategy that can be used to guide future investments in security technology, personnel, and processes.