CISM Certified Information Security Manager – Question0350

Risk assessment should be conducted on a continuing basis because:

A.
controls change on a continuing basis
B. the number of hacking incidents is increasing
C. management should be updated about changes in risk
D. factors that affect information security change

Correct Answer: A