A company has decided to change its current business direction and refocus on core business. Consequently, several company sub-businesses are in the process of being sold-off. A security consultant has been engaged to advise on residual information security concerns with a de-merger. From a high-level perspective, which of the following BEST provides the procedure that the consultant should follow?
A . Perform a penetration test for the current state of the company. Perform another penetration test after the de-merger. Identify the gaps between the two tests.
B . Duplicate security-based assets should be sold off for commercial gain to ensure that the security posture of the company does not decline.
C . Explain that security consultants are not trained to offer advice on company acquisitions or demergers. This needs to be handled by legal representatives well versed in corporate law.
D . Identify the current state from a security viewpoint. Based on the demerger, assess what the security gaps will be from a physical, technical, DR, and policy/awareness perspective.
Answer: D