CISA Certified Information Systems Auditor – Question2073

Which of the following should be the FIRST step when conducting an IT risk assessment?

A.
Assess vulnerabilities
B. Identify assets to be protected
C. Evaluate controls in place
D. Identify potential threats

Correct Answer: B