An organization performed a risk analysis and found a large number of assets with low-impact vulnerabilities. The NEXT action of the information security manager should be to:
A. determine appropriate countermeasures.
B. transfer the risk to a third party.
C. report to management.
D. quantify the aggregated risk.
A. determine appropriate countermeasures.
B. transfer the risk to a third party.
C. report to management.
D. quantify the aggregated risk.