When performing an information risk analysis, an information security manager should FIRST:
A. establish the ownership of assets.
B. evaluate the risks to the assets.
C. take an asset inventory.
D. categorize the assets.
Explanation:
Assets must be inventoried before any of the other choices can be performed.