CISA Certified Information Systems Auditor – Question2998 - CISA Certified Information Systems Auditor

The FIRST step in managing the risk of a cyber-attack is to:

A. assess the vulnerability impact.
B. evaluate the likelihood of threats.
C. identify critical information assets.
D. estimate potential damage.

Correct Answer: C

Explanation:

Explanation:
The first step in the managing risk is the identification and classification of critical information resources (assets). Once the assets have been identified, the process moves onto the identification of threats, vulnerabilities and calculation of potential damages.