The information security manager has been notified of a new vulnerability that affects key data processing systems within the organization. Which of the following should be done FIRST?
A. Re-evaluate the risk.
B. Ask the business owner for the new remediation plan.
When a new vulnerability is identified that affects key data processing systems, the first step the information security manager should take is to re-evaluate the risk. This involves assessing the potential impact of the vulnerability on the organization's data processing systems, the likelihood of exploitation, and the potential consequences if the vulnerability is left unaddressed.
By re-evaluating the risk, the information security manager can determine the urgency and severity of the vulnerability and prioritize the response accordingly. This will help in making informed decisions about the appropriate remediation actions to be taken to mitigate the risk effectively.
Answer may be B. If any new vulnerabilities, just assign to business owner for remediation.
Why do we re-evaluate risk for new vulnerabilities (Option A)?
Because it's a new vulnerability and the risk level is not known.
upvoted 1 times