To effectively manage an organization-s information security risk, it is MOST important to:

To effectively manage an organization-s information security risk, it is MOST important to:

A. periodically identify and correct new systems vulnerabilities

B. assign risk management responsibility to end users

C. benchmark risk scenarios against peer organizations

D. establish and communicate risk tolerance