Risk assessment is the process of assessing security$-$related risks to an organization's computers and

networks from both internal and external threats. Which of the following are the steps in a general

security risk assessment process?

Identify the set of IT assets about which the organisation is not worried.

Identify the loss events or the risks or threats that could occur, such as a DDoS attack or insider

fraud.

Determine the impact of each threat occurring.

Assess the feasibility of implementing the mitigation option.

Make the decision on whether or not to implement a particular countermeasure

a$.1,3,4$ and $5$

b$.1,2,3$ and $4$

c$.1,2,4$ and $5$

d$.2,3,4$ and $5$