Certified Information Security Manager (CISM) — Question 599

Which of the following is MOST effective in preventing the introduction of vulnerabilities that may disrupt the availability of a critical business application?

Answer options

• A. A patch management process
• B. Change management controls
• C. Version control
• D. Logical access controls

Correct answer: B

Explanation

Change management controls are crucial for ensuring that any changes made to critical business applications are reviewed and approved, thereby minimizing the risk of introducing vulnerabilities. While a patch management process and other options are important for security, they do not specifically address the management of changes that could directly affect application availability.