Which of the following is the MOST important factor when determining the frequency of information security reassessment?

A. Risk priority
B. Risk metrics
C. Audit findings
D. Mitigating controls