Denis is reviewing the approval process for a penetration test and wants to ensure that it has appropriate management review. Who should he ensure has approved the request for a penetration test for a business system?

In most organizations, senior management needs to approve penetration tests because of the risk and potential impact on business operations. Change advisory boards approve changes, not tests, system administrators do not typically have authority to sign off, and service owners may be aware but are not the ultimate authority.