When performing an information risk analysis, an information security manager should FIRST:
A.
establish the ownership of assets.
B.
evaluate the risks to the assets.
C.
take an asset inventory.
D.
categorize the assets.
Explanation:
Assets must be inventoried before any of the other choices can be performed.