CRISC Certified in Risk and Information Systems Control – Question034 - CRISC Certified in Risk and Information Systems Control

Which of the following is the first MOST step in the risk assessment process?

A. Identification of assets
B. Identification of threats
C. Identification of threat sources
D. Identification of vulnerabilities

Correct Answer: A

Explanation:

Explanation: Asset identification is the most crucial and first step in the risk assessment process. Risk identification, assessment and evaluation (analysis) should always be clearly aligned to assets. Assets can be people, processes, infrastructure, information or applications.