Which process is ongoing and implemented throughout the system life cycle to keep track of identified risks?

The ongoing process that is implemented throughout the system life cycle to keep track of identified risks is risk monitoring. This process is essential as it involves continuously observing and reviewing risk factors to ensure that any changes in the risk environment are captured and addressed appropriately.

Risk monitoring is critical because risks can evolve over time due to changes in the environment, technology, or business operations. By consistently monitoring risks, an organization can identify new threats, changes in the likelihood or impact of existing risks, and the effectiveness of risk mitigation strategies. This proactive approach helps organizations to adapt their security measures and risk management strategies accordingly, ensuring that they maintain an effective risk posture.

In contrast, while risk assessment and risk control are important processes in the overall risk management framework, they typically are more focused on initial evaluations and implementing measures rather than the continuous oversight that characterizes risk monitoring. Framing risk usually pertains to establishing the context in which risks are identified and assessed rather than the continuous process of tracking them throughout the lifecycle of a system. Thus, risk monitoring is unique in its ongoing nature and its critical role in ensuring that an organization is actively managing its risk environment.