Which of the following will BEST quantify the risk associated with malicious users in an organization?

A. Business impact analysis
B. Threat risk assessment
C. Vulnerability assessment
D. Risk analysis