To effectively manage an organization`s information security risk, it is MOST important to: 

Answer options:

A. periodically identify and correct new systems vulnerabilities
B. assign risk management responsibility to end users
C. benchmark risk scenarios against peer organizations
D. establish and communicate risk tolerance

A