An IS auditor is reviewing an IT security risk management program. Measures of security risk should: 
A、address all of the network risks. 
B、be tracked over time against the IT strategic plan. 
C、take into account the entire IT environment. 
D、result in the identification of vulnerability tolerances.