A risk manager is asked to perform a complete risk assessment for a company.

What is the best method to identify most of the threats to the company?

A. Have a brainstorm with representatives of all stakeholders

B. Interview top management

C. Send a checklist for threat identification to all staff involved in information security.