Which of the following would be MOST helpful to an information security management team when allocating resources to mitigate exposures?
A. Internal audit findings
B. Relevant risk case studies
C. Risk assessment results
D. Penetration testing results
A. Internal audit findings
B. Relevant risk case studies
C. Risk assessment results
D. Penetration testing results