Certified Information Systems Auditor (CISA) — Question 464

The MOST important reason why an IT risk assessment should be updated on a regular basis is to:

Answer options

• A. utilize IT resources in a cost-effective manner.
• B. react to changes in the IT environment.
• C. comply with data classification changes.
• D. comply with risk management policies.

Correct answer: B

Explanation

The correct answer is B because updating an IT risk assessment allows organizations to address new threats and changes in the IT environment, ensuring they remain secure. The other options, while important, do not directly address the necessity of adapting to the evolving risks associated with technology.