Provide citations and lead a conversation about the following:
Which steps in risk assessment and mitigation are involved in information systems security?
a) Identifying potential risks and vulnerabilities
b) Assessing the likelihood and impact of each risk
c) Implementing security controls and measures
d) Monitoring and reviewing security practices