Which program element should be implemented FIRST in asset classification and control?
A.
Risk assessment
B.
Classification
C.
Valuation
D.
Risk mitigation
Explanation:
Valuation is performed first to identify and understand the assets needing protection. Risk assessment is performed to identify and quantify threats to information assets that are selected by the first step, valuation.
Classification and risk mitigation are steps following valuation.