When determining an acceptable risk level, which of the following is the MOST important consideration?

A. System criticalities
B. Vulnerability scores
C. Risk matrices
D. Threat profiles