From the following list, select all options that describe the purposes of a cybersecurity risk analysis.
A. Identifying potential threats
B. Assessing vulnerabilities
C. Estimating the financial impact of an attack
D. Recommending software updates