A third-party audit of an organization's network security has identified several critical risks. Which of the following should the information security manager do NEXT?
Option C is the most appropriate next step because it ensures that the leadership is informed about the critical risks and can provide the necessary support and resources to address them.
I'm not sure D is the answer here... In the company where I work, when 3rd-party audit is done and we receive the report, this goes straight to senior management (through CSO), especially if there are critical risks. After that, we usually have meetings with CSO where we discuss remediation and deadlines (I'm in IT/cybersec, btw)
Although, the hint here is "network security", meaning technical stuff. So no business processes are in direct danger. So maybe it is D after all...dunno really :)
Usually external audit findings will go to senior management, especially for critical risks so they are aware and able to provide direction. Prioritizing risks should not be decided by Security Manager without consultation with business managers who are in better position to advise the impact.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
neo_wong
2 months, 1 week agoBooict
4 months, 3 weeks agoyottabyte
9 months agooluchecpoint
9 months, 1 week agoxcjxcj
9 months, 1 week agoMarcelus1714
10 months, 1 week agoAlexJacobson
10 months, 3 weeks agoAlexJacobson
10 months, 3 weeks agoSoleandheel
1 year agorichck102
1 year, 2 months agowickhaarry
1 year, 2 months agoBennyMao
1 year, 3 months agoAaronS1990
1 year, 4 months agoSaisharan
1 year, 4 months ago