Which of the following is an indicator of improvement in the ability to identify security risks?

A. Increased number of reported security incidents.
B. Decreased number of staff requiring information security training.
C. Decreased number of information security risk assessments.
D. Increased number of security audit issues resolved.