Information security managers should use risk assessment techniques to:
A.
justify selection of risk mitigation strategies.
B.
maximize the return on investment (ROD.
C.
provide documentation for auditors and regulators.
D.
quantify risks that would otherwise be subjective.
Explanation:
Information security managers should use risk assessment techniques to justify and implement a
risk mitigation strategy as efficiently as possible. None of the other choices accomplishes that
task, although they are important components.