Certified in Risk and Information Systems Control (CRISC) — Question 271
Which of the following is the PRIMARY reason to perform ongoing risk assessments?
Answer options
- A. The risk environment is subject to change.
- B. The information security budget must be justified.
- C. Emerging risk must be continuously reported to management.
- D. New system vulnerabilities emerge at frequent intervals.
Correct answer: A
Explanation
The correct answer is A because ongoing risk assessments are needed to adapt to changes in the risk environment, which can affect the overall security posture. Options B, C, and D, while relevant, do not capture the primary reason for performing risk assessments on an ongoing basis.