Nofsinger consultants has informed Sifers$-$Grayson executives that the company does not have business processes and staff in place to handle the cybersecurity incident reporting requirements imposed by the company's customers $($especially the federal government$).$ According to the EC$-$Council E$|$CIH materials, what is the first step the Nofsinger contractors should recommend to the company's executives to address this finding?

Question $27$ options:

Define IH&R Vision and Mission

Determine the Need for IH&R Processes

Develop IH&R Plan

Develop IH&R Procedures