CISM Certified Information Security Manager – Question1294

Which of the following is the BEST reason to reassess risk following an incident?

A.
To capture lessons learned
B. To identify changes in the threat environment
C. To update roles and responsibilities
D. To accurately document risk to the organization

Correct Answer: D