Deciding the level of protection a particular asset should be given in BEST determined by: 

Answer options:

A. a threat assessment.
B. a vulnerability assessment.
C. a risk analysis.
D. the corporate risk appetite.

C