What process protects the information system from improper modifications?

The process that protects the information system from improper modifications is configuration control. Configuration control is a critical aspect of software development security, focusing on managing changes to the system's configuration, including both hardware and software components. This involves maintaining a comprehensive record of changes, ensuring that all modifications are approved and documented, and implementing checks to verify that changes do not introduce vulnerabilities or defects.

By establishing clear procedures for monitoring and controlling changes, configuration control helps to prevent unauthorized alterations that could compromise the integrity and functionality of the information system. This process also includes evaluating the potential impact of proposed changes and conducting thorough testing before any modifications are deployed into the production environment, thereby reducing the risk of improper modifications and enhancing overall system security.

While risk management, quality assurance, and access control are also important in the broader context of software development security, they address different aspects of security and system integrity. Risk management focuses on identifying, assessing, and mitigating risks, quality assurance pertains to ensuring that the software meets certain standards and requirements, and access control relates to restricting user access to prevent unauthorized actions. Configurations control specifically addresses the management of modifications to protect the integrity of the information system.