CISA Certified Information Systems Auditor – Question0958

Following a recent acquisition, an information security manager has been requested the outstanding risk reported early in the acquisition process. Which of the following would be the manager’s BEST course of action?

A.
Perform a vulnerability assessment of the acquired company’s infrastructure.
B. Re-evaluate the risk treatment plan for the outstanding risk.
C. Re-assess the outstanding risk of the acquired company.
D. Add the outstanding risk to the acquiring organization’s risk registry

Correct Answer: C