CompTIA Security+ SY0-701 Practice Question
The risk register only needs to be updated when a new risk is identified, not as part of a regular review process.
The statement is correct; the risk register only needs to be updated when a new risk is identified.
The statement is incorrect; the risk register requires updates during regular review processes as well as when new risks are identified.