Which of the following is the MOST important prerequisite to performing an information security risk assessment?

A. Classifying assets
B. Determining risk tolerance
C. Reviewing the business impact analysis
D. Assessing threats and vulnerabilities