A user, Ann, has reported that she lost a laptop. The laptop had sensitive corporate information on it that has been published on the Internet. Which of the following is the FIRST step in implementing a best practice security policy?
A. Require biometric identification to log into the laptop.
B. Require multifactor authentication to log into laptop.
C. Require laptop hard drives to be encrypted.
D. Require users to change their password at frequent intervals.