CISM Certified Information Security Manager – Question0274
Which program element should be implemented FIRST in asset classification and control? A. Risk assessment B. Classification C. Valuation D. Risk mitigation
Correct Answer: C
Explanation:
Explanation:
Valuation is performed first to identify and understand the assets needing protection. Risk assessment is performed to identify and quantify threats to information assets that are selected by the first step, valuation. Classification and risk mitigation are steps following valuation.
Please disable your adblocker or whitelist this site!