A user, Ann, has reported that she lost a laptop. The laptop had sensitive corporate information on it that has been published on the Internet.
Which of the following is the FIRST step in implementing a best practice security policy?
A . Require biometric identification to log into the laptop.
B . Require multifactor authentication to log into laptop.
C . Require laptop hard drives to be encrypted.
D . Require users to change their password at frequent intervals.
E . Require users to have strong passwords.
Answer: C