Which of the following security activities should be implemented in the change management process to identify key vulnerabilities introduced by changes? 

Answer options:

A. Business impact analysis (BIA)
B. Penetration testing
C. Audit and review
D. Threat analysis

B

Penetration testing focuses on identifying vulnerabilities. None of the other choices would identify vulnerabilities introduced by changes.