You are an information system auditor of HDA Inc. You are conducting an audit of the firewall rules in place. In the process of evaluating these rules, which aspect should you prioritize and give primary consideration to before assessing other factors?