As an information security manager at a medium-sized financial services firm, you are responsible for implementing the risk management program. Which of the following approaches best ensures that the company's risk profile is kept up to date and reflects the latest threat landscape?
Conduct regularly scheduled risk assessments as part of the organizational risk management process.
Rely solely on automated threat detection systems to inform when the risk assessment process should be initiated.
Perform an initial baseline risk assessment and rely on ad hoc assessments when there is a significant change in the infrastructure.
Establish a continuous risk assessment process that continuously monitors the company's network for any threats.