After undertaking a security assessment of a production system, the information security manager is MOST likely to: 

Answer options:

A. inform the system owner of any residual risks and propose measures to reduce them.
B. inform the development team of any residual risks, and together formulate risk reduction measures.
C. inform the IT manager of the residual risks and propose measures to reduce them.
D. establish an overall security program that minimizes the residual risks of that production system.

A