Why does implementing as many common controls as possible make sense for the company?
a. It simplifies risk management activities by not having to reassess inherited common controls
b. It provides more consistent information security by using inherited common controls
c. It provides less consistent information security by using inherited common controls
d. Both a and b
