As part of the senior leadership team's ongoing risk management activities, the Chief Information Security Officer has tasked a security analyst with coordinating the right training and testing methodology to respond to new business initiatives or significant changes to existing ones. The management team wants to examine a new business process that would use existing infrastructure to process and store sensitive data. Which of the following would be appropriate for the security analyst to coordinate?

A. A black-box penetration testing engagement
B. A tabletop exercise
C. Threat modeling
D. A business impact analysis