CISM Certified Information Security Manager – Question0631

Which of the following is MOST effective in preventing weaknesses from being introduced into existing production systems?

A.
Patch management
B. Change management
C. Security baselines
D. Virus detection

Correct Answer: B

Explanation:

Explanation:
Change management controls the process of introducing changes to systems. This is often the point at which a weakness will be introduced. Patch management involves the correction of software weaknesses and would necessarily follow change management procedures. Security baselines provide minimum recommended settings and do not prevent introduction of control weaknesses. Virus detection is an effective tool but primarily focuses on malicious code from external sources, and only for those applications that are online.