When performing an information risk analysis, an information security manager should FIRST: 

Answer options:

A. establish the ownership of assets.
B. evaluate the risks to the assets.
C. take an asset inventory.
D. categorize the assets.

C

Assets must be inventoried before any of the other choices can be performed.