CISM Certified Information Security Manager – Question1064

The MOST important reason that security risk assessments should be conducted frequently throughout an organization is because:

A.
control effectiveness may weaken
B. compliance with legal and regulatory standards should be reassessed
C. controls should be regularly tested
D. threats to the organization may change

Correct Answer: D