Certified Information Systems Security Professional (CISSP) — Question 215

Which of the following processes is BEST used to determine the extent to which modifications to an information system affect the security posture of the system?

Answer options

• A. Patch management
• B. Continuous monitoring
• C. Configuration change control
• D. Security impact analysis

Correct answer: D

Explanation

The correct answer, Security impact analysis, is specifically designed to evaluate the security implications of changes made to a system. Patch management, continuous monitoring, and configuration change control are important processes but do not focus primarily on assessing the security impact of modifications.