Which of the following will identify a deviation in the information security management process from generally accepted standards of good practices?
A. Gap analysis
B. Risk assessment
C. Business impact analysis (BIA)
D. Penetration testing
A. Gap analysis
B. Risk assessment
C. Business impact analysis (BIA)
D. Penetration testing