What mechanisms are used to identify deficiencies that would provide attackers with an
opportunity to compromise a computer system?
A.
Business impact analyses
B.
Security gap analyses
C.
System performance metrics
D.
Incident response processes
Explanation:
A security gap analysis is a process which measures all security controls in place against typically
good business practice, and identifies related weaknesses. A business impact analysis is less
suited to identify security deficiencies. System performance metrics may indicate security
weaknesses, but that is not their primary purpose. Incident response processes exist for cases
where security weaknesses are exploited.