Describe how you would evaluate the security posture of a new software system at UC Berkeley Extension.