Which of the following is MOST effective in preventing the introduction of a code modification that may reduce
the security of a critical business application?
A.
Patch management
B.
Change management
C.
Security metrics
D.
Version control
Explanation:
Change management controls the process of introducing changes to systems. Failure to have good change management may introduce new weaknesses into otherwise secure systems. Patch management corrects discovered weaknesses by applying a correction to the original program code. Security metrics provide a means for measuring effectiveness. Version control is a subset of change management.