An organization is going through a digital transformation process, which places the IT organization in an unfamiliar risk landscape. The information security manager has been tasked with leading the IT risk management process. Which of the following should be given the HIGHEST priority? 

Answer options:

A. Identification of risk
B. Design of key risk indicators (KRIs)
C. Analysis of control gaps
D. Selection of risk treatment options

A