A security administrator is required to submit a detailed implementation plan and back out plan to get approval
prior to updating the firewall and other security devices. Which of the following types of risk mitigation strategies
is being followed?

A.
Change management

B.
Routine audit

C.
Rights and permissions review

D.
Configuration management