A company has decided to change its current business direction and refocus on core business. Consequently, several company sub-businesses are in the process
of being sold-off. A security consultant has been engaged to advise on residual information security concerns with a de- merger. From a high-level perspective,
which of the following BEST provides the procedure that the consultant should follow?
A.
Perform a penetration test for the current state of the company. Perform another penetration test after the de-merger. Identify the gaps between the two tests.
B.
Duplicate security-based assets should be sold off for commercial gain to ensure that the security posture of the company does not decline.
C.
Explain that security consultants are not trained to offer advice on company acquisitions or demergers. This needs to be handled by legal representatives well
versed in corporate law.
D.
Identify the current state from a security viewpoint. Based on the demerger, assess what the security gaps will be from a physical, technical, DR, and policy/
awareness perspective.