Risk assessment is MOST effective when performed:
A.
at the beginning of security program development.
B.
on a continuous basis.
C.
while developing the business case for the security program.
D.
during the business change process.
Explanation:
Risk assessment needs to be performed on a continuous basis because of organizational and
technical changes. Risk assessment must take into account all significant changes in order to be
effective.