An information security manager is asked to provide a short presentation on the organization’s current IT risk posture to the board of directors. Which of the following would be MOST effective to include in this presentation?

A. Risk heat map
B. Gap analysis results
C. Threat assessment results
D. Risk register