Which of the following are the choices to consider in information risk management, and what is the correct order?
A) Treatment: accept, treat (fix or mitigate), transfer, avoid, recast
B) Damage limitation: deter, detect, prevent, avoid
C) Perspective: outcomes, assets, process or threat based
D) Impact assessment: quantitative or qualitative