A security risk assessment exercise should be repeated at regular intervals because:

A. business threats are constantly changing.

B. omissions in earlier assessments can be addressed.

C. repetitive assessments allow various methodologies.

D. they help raise awareness on security in the business.

Explanation:

As business objectives and methods change, the nature and relevance of threats change as well. Choice B does not, by itself, justify regular reassessment. Choice C is not necessarily true in all cases. Choice D is incorrect because there are better ways of raising security awareness than by performing a risk assessment.