What is the primary purpose of conducting a risk control assessment in an organization's risk management process?
To evaluate how well security controls are reducing risks to an acceptable level
To identify new risks that the organization has not encountered before
To determine the total cost of the security measures employed by the organization
To calculate the potential financial loss in the event of a security breach