Security risk assessments should cover only information assets that: 

Answer options:

A. are classified and labeled.
B. are inside the organization.
C. support business processes.
D. have tangible value.

A