CISM Certified Information Security Manager – Question0344

Security risk assessments should cover only information assets that:

A.
are classified and labeled.
B. are inside the organization.
C. support business processes.
D. have tangible value.

Correct Answer: A