CISA Certified Information Systems Auditor – Question 1040

An external penetration test identified a serious security vulnerability in a critical business application. Before reporting the vulnerability to senior management, the information security manager’s BEST course of action should be to:

A. determine the potential impact with the business owner
B. initiate the incident response process
C. block access to the vulnerable business application
D. report the vulnerability to IT for remediation

Correct Answer: A