An experienced information security manager joins a new organization and begins by conducting an audit of all key IT processes. Which of the following findings about the vulnerability management program should be of GREATEST concern?
A.
Identified vulnerabilities are not published and communicated in awareness programs.
B.
Identified vulnerabilities are not logged and resolved in a timely manner.
C.
The number of vulnerabilities identified exceeds industry benchmarks. D. Vulnerabilities are identified by internal staff rather than by external consultants.
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit