The IT director asks you to perform a risk assessment of your organization's network. Which of the following should you do first?
A. Identify vulnerabilities.
B. Identify organizational assets.
C. Identify threats and threat likelihood.
D. Identify potential monetary impact.
Answer: B