CISM Certified Information Security Manager – Question 1238

A penetration test was conducted by an accredited third party. Which of the following should be the information security manager's FIRST course of action?

A. Ensure vulnerabilities found are resolved within acceptable timeframes.
B. Request funding needed to resolve the top vulnerabilities.
C. Report findings to senior management.
D. Ensure a risk assessment is performed to evaluate the findings.

Correct Answer: D