CISA Certified Information Systems Auditor – Question0640

The MOST important reason that security risk assessment should be conducted frequently throughout an organization is because:

A.
threats to the organization may change.
B. controls should be regularly tested.
C. compliance with legal and regulatory standards should be reassessed.
D. control effectiveness may weaken.

Correct Answer: A