When preventative controls to appropriately mitigate risk are not feasible, which of the following is the MOST important action for the information security manager to perform?

A. Assess vulnerabilities.
B. Manage the impact.
C. Evaluate potential threats.
D. Identify unacceptable risk levels.