DRF Ltd have been increasing their focus on cyber security as some of their competitors have suffered cyber attack. The IT manager proposed that DRF should launch a digital resilience programme and after discussions with other senior managers, the board at DRF agreed it was a good approach to takeWork on the digital resilience programme has been under way for some time now, the board are satisfied that they have investigated and identified the risks that DRF face, and they have agreed the programme objectives. The IT manager has created four alternative options regarding the level of prevention that DRF could undertake, and an estimated cost to implement for each option, the board have decided which option they think is most appropriate, but have yet to communicate this to the IT manager. The IT manager has also been working with HR to consider how they could use the appraisal process to help ensure sustained motivation towards cyber security, regardless of the level of prevention the board ultimately choose Using the six step approach to digital resilience, which of the following steps are still to be considered? Select ALL that apply