An IS audit reveals that an organization is not proactively addressing known vulnerabilities. Which of the following should the IS auditor recommend the organization do FIRST?
A. Verify the disaster recovery plan (DRP) has been tested.
B. Ensure the intrusion prevention system (IPS) is effective.
C. Confirm the incident response team understands the issue.
D. Assess the security risks to the business.
A. Verify the disaster recovery plan (DRP) has been tested.
B. Ensure the intrusion prevention system (IPS) is effective.
C. Confirm the incident response team understands the issue.
D. Assess the security risks to the business.