Which of the following is the BEST method for determining whether new risks exist in legacy applications?
A. Regularly scheduled risk assessments
B. Automated vulnerability scans
C. Third-party penetration testing
D. Frequent updates to the risk register
A. Regularly scheduled risk assessments
B. Automated vulnerability scans
C. Third-party penetration testing
D. Frequent updates to the risk register