CISA Certified Information Systems Auditor – Question2352

Which of the following is the MOST important factor when determining the frequency of information security risk reassessment?

A.
Audit findings
B. Risk priority
C. Mitigating controls
D. Risk metrics

Correct Answer: D