CISM Certified Information Security Manager – Question 1247

During an information security audit, it was determined that IT staff did not follow the established standard when configuring and managing IT systems. Which of the following is the BEST way to prevent future occurrences?

A. Updating configuration baselines to allow exceptions
B. Conducting periodic vulnerability scanning
C. Providing annual information security awareness training
D. Implementing a strict change control process

Correct Answer: D