CISM Certified Information Security Manager – Question0352

Following a recent acquisition, an information security manager has been requested to address the outstanding risk reported early in the acquisition process. Which of the following would be the manager’s BEST course of action?

A.
Add the outstanding risk to the acquiring organization’s risk registry.
B. Re-assess the outstanding risk of the acquired company.
C. Re-evaluate the risk treatment plan for the outstanding risk.
D. Perform a vulnerability assessment of the acquired company’s infrastructure.

Correct Answer: B