CISM Certified Information Security Manager – Question1016

Which of the following is the MOST important factor when determining the frequency of information security reassessment?

A.
Risk priority
B. Risk metrics
C. Audit findings
D. Mitigating controls

Correct Answer: B