When conducting a risk assessment, it is generally recommended to start by identifying the information assets (Option D) FIRST. This is because understanding what information assets you have and their value is a foundational step in the risk assessment process. Once you have a clear picture of your information assets, you can then proceed to assess vulnerabilities (Option A), existing controls (Option B), and legal requirements (Option C) that are relevant to those assets.
This section is not available anymore. Please use the main Exam Page.CISA Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
SuperMax
Highly Voted 1 year, 3 months ago3008
Highly Voted 1 year, 8 months agotakuanism
Most Recent 11 months, 3 weeks agoswmasinde
1 year, 11 months agom4s7er
1 year, 11 months agoDavid_Hu
2 years ago