CISM Certified Information Security Manager – Question 1017

Which of the following will identify a deviation in the information security management process from generally accepted standards of good practices?

A. Risk assessment
B. Business impact analysis (BIA)
C. Penetration testing
D. Gap analysis

Correct Answer: D