CISA Certified Information Systems Auditor – Question0344

An IS auditor finds ad hoc vulnerability scanning is in place with no clear alignment to the organization's wider security threat and vulnerability management program. Which of the following would BEST enable the organization to work toward improvement in this area?

A. Outsourcing the threat and vulnerability management function to a third party
B. Implementing security logging to enhance threat and vulnerability management
C. Using a capability maturity model to identify a path to an optimized program
D. Maintaining a catalog of vulnerabilities that may impact mission-critical systems

Correct Answer: D