Which of the following security activities should be implemented in the change management
process to identify key vulnerabilities introduced by changes?
A.
Business impact analysis (BIA)
B.
Penetration testing
C.
Audit and review
D.
Threat analysis
Explanation:
Penetration testing focuses on identifying vulnerabilities. None of the other choices would identify
vulnerabilities introduced by changes.