A security administrator is required to submit a detailed implementation plan and back out plan to get
approval prior to updating the firewall and other security devices. Which of the following types of risk
mitigation strategies is being followed?

A.
Change management

B.
Routine audit

C.
Rights and permissions review

D.
Configuration management