CISM Certified Information Security Manager – Question0240

When performing an information risk analysis, an information security manager should FIRST:

A.
establish the ownership of assets.
B. evaluate the risks to the assets.
C. take an asset inventory.
D. categorize the assets.

Correct Answer: C

Explanation:

Explanation:
Assets must be inventoried before any of the other choices can be performed.