A third-party audit of an organization's network security has identified several critical risks. Which of the following should the information security manager do NEXT?
After a third-party audit identifies several critical risks, the next step for the information security manager is to ensure that senior management is informed. Reporting the findings enables senior management to understand the potential impact, provide direction, allocate resources, and fulfill their governance responsibilities. Only after management is aware and involved should the organization proceed to risk ownership assignment, prioritization, and mitigation planning.
Option C is the most appropriate next step because it ensures that the leadership is informed about the critical risks and can provide the necessary support and resources to address them.
I'm not sure D is the answer here... In the company where I work, when a 3rd-party audit is done and we receive the report, this goes straight to senior management (through CSO), especially if there are critical risks. After that, we usually have meetings with CSO where we discuss remediation and deadlines (I'm in IT/cybersec, btw).
Although, the hint here is "network security", meaning technical stuff. So no business processes are in direct danger. So maybe it is D after all...dunno really :)
Usually external audit findings will go to senior management, especially for critical risks, so they are aware and able to provide direction. Prioritizing risks should not be decided by the Security Manager without consultation with business managers, who are in a better position to advise on the impact.