In risk assessment, after the identification of threats to organizational assets, the information security manager would: 

Answer options:

A. evaluate the controls currently in place.
B. implement controls to achieve target risk levels.
C. request funding for the security program.
D. determine threats to be reported to upper management.

A