Question

Before we can go any further with our risk analysis, we need to determine what systems/information need to be protected. This step is known as:

a. risk determination.
b. system characterization.
c. control analysis.
d. vulnerability.

Answer 1

In risk analysis, system characterization is the step where the system and information requiring protection are identified to prioritize security efforts.

Step-by-step explanation:

When conducting a risk analysis, the step in which we determine what systems or information need to be protected is known as system characterization. This vital step involves selecting the system of interest and identifying which components are critical to the organization's operations and thus require protection.

By creating a clear picture of the system, its assets, and its potential vulnerabilities, organizations can more effectively prioritize their security efforts and create a comprehensive risk analysis strategy.

Drawing a sketch or diagram and listing out the necessary components can greatly aid in this characterization process.