CRISC Certified in Risk and Information Systems Control – Question720

Which of the following is the PRIMARY reason to perform ongoing risk assessments?

A.
The risk environment is subject to change.
B. The information security budget must be justified.
C. Emerging risk must be continuously reported to management.
D. New system vulnerabilities emerge at frequent intervals.

Correct Answer: A