CISM Certified Information Security Manager – Question0291

Risk assessment is MOST effective when performed:

A. at the beginning of security program development.
B. on a continuous basis.
C. while developing the business case for the security program.
D. during the business change process.

Correct Answer: B

Explanation:

Risk assessment needs to be performed on a continuous basis because of organizational and technical changes. Risk assessment must take into account all significant changes in order to be effective.