A risk manager is asked to perform a complete risk assessment for a company.
What is the best method to identify most of the threats to the company?
A. Have a brainstorm with representatives of all stakeholders
B. Interview top management
C. Send a checklist for threat identification to all staff involved in information security.