Which of the following is the MOST important factor when determining the frequency of information security risk reassessment?
A. Audit findings
B. Risk priority
C. Mitigating controls
D. Risk metrics
A. Audit findings
B. Risk priority
C. Mitigating controls
D. Risk metrics