Certified Information Systems Security Professional – CISSP – Question324

Directive controls are a form of change management policy and procedures. Which of the following subsections are recommended as part of the change management process?

A.
Build and test
B. Implement security controls
C. Categorize Information System (IS)
D. Select security controls