The MOST important reason that security risk assessments should be conducted frequently throughout an organization is because:
A . control effectiveness may weaken
B . compliance with legal and regulatory standards should be reassessed
C . controls should be regularly tested
D . threats to the organization may change
Answer: D