The MOST important step to determine the risks posed to an organization by social media is to
review access control processes for the organization’s social media accounts. This is because access
control processes help to ensure that only authorized users can access, modify, or share the
organization’s social media accounts and content, and prevent unauthorized or malicious access or
disclosure of sensitive or confidential information. Access control processes also help to protect the
organization’s reputation and brand image from being compromised or damaged by unauthorized or
inappropriate social media posts. The other options are not as important as reviewing access control
processes for the organization’s social media accounts, because they either relate to costs (A),
insurance (B), or recovery C aspects that are not directly related to the risks posed by social media.
