A large company is preparing to merge with a smaller company. The smaller company has been very profitable, but the smaller company’s main applications were created in-house. Which of the following actions should the large company’s security administrator take in preparation for the merger?
A . A review of the mitigations implemented from the most recent audit findings of the smaller company should be performed.
B . An ROI calculation should be performed to determine which company’s application should be used.
C . A security assessment should be performed to establish the risks of integration or co-existence.
D . A regression test should be performed on the in-house software to determine security risks associated with the software.
Answer: C