When preventative controls to appropriately mitigate risk are not feasible, which of the following is the MOST important action for the information security manager to perform? 

Answer options:

A. Assess vulnerabilities.
B. Manage the impact.
C. Evaluate potential threats.
D. Identify unacceptable risk levels.

D