Which of the following should be the analyst’s FIRST action?

A security analyst is performing a vulnerability assessment on behalf of a client. The analyst must define what constitutes a risk to the organization.

Which of the following should be the analyst’s FIRST action?
A . Create a full inventory of information and data assets.
B . Ascertain the impact of an attack on the availability of crucial resources.
C . Determine which security compliance standards should be followed.
D . Perform a full system penetration test to determine the vulnerabilities.

View Answer

Answer: A

Explanation:

This is because a risk assessment requires identifying the assets that are valuable to the organization and could be targeted by attackers. A full inventory of information and data assets can help the analyst prioritize the most critical assets and determine their potential exposure to threats. Without knowing what assets are at stake, the analyst cannot effectively assess the risk level or the impact of an attack. Creating an inventory of assets is also a prerequisite for performing other actions, such as following compliance standards, measuring availability, or conducting penetration tests.