Which of the following would BEST ensure that identified risk scenarios are addressed?

A. Performing real-time monitoring of threats
B. Creating a separate risk register for key business units
C. Performing regular risk control self-assessments
D. Reviewing the implementation of the risk response