CISM Certified Information Security Manager – Question1027

An internal audit has found that critical patches were not implemented within the timeline established by policy without a valid reason. Which of the following is the BEST course of action to address the audit findings?

A.
Perform regular audits on the implementation of critical patches.
B. Evaluate patch management training.
C. Assess the patch management process.
D. Monitor and notify IT staff of critical patches.

Correct Answer: C