An information security manager has been informed of a new vulnerability in an online banking application, and patch to resolve this issue is expected to be released in the next 72 hours. The information security manager`s MOST important course of action should be to: 

Answer options:

A. assess the risk and advise senior management.
B. identify and implement mitigating controls.
C. run the application system in offline mode.
D. perform a business impact analysis (BIA).

A