Which of the following is the MOST important step in risk ranking?

A. Impact assessment
B. Mitigation cost
C. Threat assessment
D. Vulnerability analysis