A mid-sized company is preparing to launch a new online customer portal which will store sensitive personal data. To ensure compliance with industry best practices for information security risk management, what should be the FIRST action the company undertakes once the portal has been developed but before it goes live?
Conduct penetration testing to identify system vulnerabilities.
Train staff on the new portal security features and protocols.
Perform a comprehensive risk assessment.
Select a compliance framework that the portal must adhere to.