Risk assessment should be conducted on a continuing basis because:

Risk assessment should be conducted on a continuing basis because:

A. controls change on a continuing basis

B. the number of hacking incidents is increasing

C. management should be updated about changes in risk

D. factors that affect information security change