A security risk assessment exercise should be repeated at regular intervals because:
A.
business threats are constantly changing.
B.
omissions in earlier assessments can be addressed.
C.
repetitive assessments allow various methodologies.
D.
they help raise awareness on security in the business.
Explanation:
As business objectives and methods change, the nature and relevance of threats change as well.
Choice B does not, by itself, justify regular reassessment. Choice C is not necessarily true in all
cases. Choice D is incorrect because there are better ways of raising security awareness than by
performing a risk assessment.