The MOST effective way to communicate the level of impact of information security risks on organizational objectives is to present:

A. business impact analysis (BIA) results.
B. detailed threat analysis results.
C. risk treatment options.
D. a risk heat map.