Certified in Risk and Information Systems Control (CRISC) — Question 1320

Which of the following is the first MOST step in the risk assessment process?

Answer options

• A. Identification of assets
• B. Identification of threats
• C. Identification of threat sources
• D. Identification of vulnerabilities

Correct answer: A

Explanation

The first crucial step in risk assessment is the Identification of assets, as understanding what needs protection is fundamental before evaluating threats or vulnerabilities. The other options, while important, come after assets are identified and are part of the subsequent steps in the risk assessment process.