Vulnerability scanning has detected a critical risk in a vital business application. Which of the following should the information security manager do FIRST? 

Answer options:

A. Report the business risk to senior management.
B. Confirm the risk with the business owner.
C. Update the risk register.
D. Create an emergency change request.

B