CISA Certified Information Systems Auditor – Question2014

After threats to a data center are identified, an IS auditor would expect management to FIRST:

A.
recommend required actions to executive management.
B. discuss risk management practices with neighboring firms.
C. implement procedures to address all identified threats.
D. establish and quantify the potential effects if each threat occurs.

Correct Answer: C