An IS auditor is reviewing an IT security risk management program. Measures of security risk should:
A、address all of the network risks.
B、be tracked over time against the IT strategic plan.
C、take into account the entire IT environment.
D、result in the identification of vulnerability tolerances.