The objective of risk management is to reduce risk to the minimum level that is:
A. compliant with security policies
B. practical given industry and regulatory environments.
C. achievable from technical and financial perspectives.
D. acceptable given the preference of the organization.
D looks more appropriate