( ) is not included in Information Security Risk Assessment Process.
问题1选项
A.Establishing information security risk criteria
B.Identifying the information security risks
C.Formulating an information security risk treatment plan
D.Analysing the information security risk
