Certified Information Systems Auditor (CISA) — Question 753

An application development team is also promoting changes to production for a critical financial application. Which of the following is the BEST control to reduce the associated risk?

Answer options

• A. Performing periodic audits
• B. Implementing a change management code review
• C. Performing regression tests
• D. Exporting change logs to a secure server

Correct answer: B

Explanation

Implementing a change management code review is crucial as it ensures that any changes made to the application are thoroughly examined for quality and security before being deployed. While periodic audits, regression tests, and exporting change logs are valuable practices, they do not provide the same immediate oversight on the specific changes being made, which is vital for a critical financial application.