The correct answer isCbecause acentralized asset inventoryis the foundation of effective IT asset management. Without a complete and centralized inventory, the organization cannot reliably identify, classify, protect, monitor, or retire assets. Asset ownership, control requirements, lifecycle status, and associated risk cannot be managed consistently if the organization does not first know what assets exist and where they reside.
The other options are less important as a primary improvement area:
A. Lack of predictive analytics for asset failuresis a maturity enhancement, not a foundational requirement.
B. Lack of detailed historical asset datamay affect trend analysis, but current control begins with knowing what assets exist now.
D. Lack of asset valuation mechanismsis helpful for risk analysis, but valuation depends on first having a complete inventory.
Exact Extracts supporting the answer:
“The preparation of a risk register begins in the risk identification process.”
“The PRIMARY advantage of creating and maintaining a risk register is to ensure that an inventory of identified risk is maintained.”
“The FIRST step in identifying and assessing IT risk is to gather information on the current and future environment.”
“To evaluate the effectiveness of a risk mitigation control identifying the current state of existing controls is essential during the risk assessment process.”
These extracts support the principle that effective management starts with accurate identification and inventory. Therefore, the most important issue to address is thelack of a centralized asset inventory.
===========
Submit