CISM Certified Information Security Manager – Question0363

An information security manager has been informed of a new vulnerability in an online banking application, and patch to resolve this issue is expected to be released in the next 72 hours. The information security manager’s MOST important course of action should be to:

A.
assess the risk and advise senior management.
B. identify and implement mitigating controls.
C. run the application system in offline mode.
D. perform a business impact analysis (BIA).

Correct Answer: A