Which of the following should be an IS auditor`s FIRST action when assessing the risk associated with unstructured data? 

Answer options:

A. Implement strong encryption for unstructured data.
B. Implement user access controls to unstructured data.
C. Identify repositories of unstructured data.
D. Identify appropriate tools for data classification.

D