Your organization has decided to develop a new mobile application that will handle sensitive user information. The development team needs to identify and assess the risks related to data security before starting the project. What method should the development team use to identify potential data security risks associated with the new mobile application?