Information security managers should use risk assessment techniques to:

A. justify selection of risk mitigation strategies.

B. maximize the return on investment (ROD.

C. provide documentation for auditors and regulators.

D. quantify risks that would otherwise be subjective.

Explanation:

Information security managers should use risk assessment techniques to justify and implement a risk mitigation strategy as efficiently as possible. None of the other choices accomplishes that task, although they are important components.