It is MOST important for an information security manager to ensure that security risk assessments are performed:

A. consistently throughout the enterprise

B. during a root cause analysis

C. as part of the security business case

D. in response to the threat landscape

Reference https://m.isaca.org/Certification/Additional-Resources/Documents/CISM-Item-Development-Guide_bro_Eng_0117.pdf (14)