Which term is the ongoing process to monitor and adjust risk responses and controls as threats evolve?

Prepare for the ISSAP Exam with challenging questions and insights. Enhance your understanding using flashcards and detailed explanations. Master your skills for success!

Multiple Choice

Which term is the ongoing process to monitor and adjust risk responses and controls as threats evolve?

Explanation:
Risk management is an ongoing process that continuously monitors the threat landscape, assesses risk, and adjusts risk responses and controls as threats evolve. As new threats and vulnerabilities appear and the business environment changes, this approach keeps defenses aligned with current risk posture, regulatory requirements, and organizational objectives. It involves updating risk assessments, re-prioritizing controls, and modifying treatment plans (such as mitigation, transfer, acceptance, or avoidance) to maintain effective protection over time. Other options describe different things: a policy is a set of rules and guidelines, not a living process; penetration testing is a testing activity to discover vulnerabilities at a point in time; non-repudiation is a security property ensuring that the origin or integrity of data cannot be denied.

