Which method can provide a better return on IT security investment and provide a thorough and
comprehensive assessment of organizational security covering policy, procedure design, and implementation?
A.
Penetration testing
B.
Social engineering
C.
Vulnerability scanning
D.
Access control list reviews