What is the first step involved in security risk management? Question 20 options: determining the cause of damage

understanding what information assets need protection

evaluating controls and filling in security gaps

recovering the system from damage