When determining security measures to take, organizations must______?
1) Assess potential risks and vulnerabilities
2) Define access controls and permissions
3) Establish incident response plans
4) Regularly update security policies