The security team for a large, international organization is developing a vulnerability management program. The development staff has expressed concern that the new program will cause service interruptions and downtime as vulnerabilities are remedied.
Which of the following should the security team implement FIRST as a core component of the remediation process to address this concern?
A. Automated patch management
B. Change control procedures
C. Security regression testing
D. Isolation of vulnerable servers