Which of the following steps for risk assessment methodology refers to vulnerability identification?
A . Determines if any flaws exist in systems, policies, or procedures
B . Assigns values to risk probabilities; Impact values.
C . Determines risk probability that vulnerability will be exploited (High. Medium, Low)
D . Identifies sources of harm to an IT system. (Natural, Human. Environmental)
Answer: C