Watch this video on YouTube
In risk assessment, after the identification of threats to organizational assets, the information security manager would: