To protect information assets, which of the following should be done FIRST?

A. Restrict access to data
B. Encrypt data
C. Classify data
D. Back up data