An organization has implemented controls to mitigate risks resulting from identified vulnerabilities in an application. Which of the following is the BEST way to verify all weaknesses have been addressed?
After implementing controls, performing a vulnerability assessment is the best way to verify that all previously identified weaknesses have been addressed. The CISM Review Manual specifies that vulnerability assessments systematically scan for known vulnerabilities and confirm remediation effectiveness. Penetration testing is valuable, but it is typically used to exploit vulnerabilities; it does not verify their remediation as comprehensively or as efficiently as a vulnerability assessment.