CISM Exam Preparation:

Critical Risk in Vital Business Application


Question

Vulnerability scanning has detected a critical risk in a vital business application.

Which of the following should the information security manager do FIRST?

Answer

B.

Explanation

As a first step, the information security manager should confirm the critical risk reported by the vulnerability scanner with the business owner responsible for the vital business application. A scanner finding is not yet a validated risk: the scan may have produced a false positive, the vulnerable component may not be reachable from where an attacker sits, a patch or configuration change may already have been applied, or a compensating control may reduce the exposure. Confirming with the business owner establishes that the finding is genuine and exploitable in this deployment, and lets the owner supply the business context (the data and processes the application supports, its exposure, and the impact of an outage) that is needed to rate the risk correctly.

Once the risk has been confirmed, the information security manager should report the business risk to senior management, so that management is aware of the risk and its potential impact on the organization and can make informed decisions about response and resourcing.

Updating the risk register is also important: it keeps the record of the organization's risks current, so the risk profile can be tracked over time and mitigation efforts prioritized accordingly.

Finally, if the confirmed risk is critical and immediate action is required, the information security manager should raise an emergency change request through the change management process. This allows the necessary security controls (such as a patch, configuration change, or temporary restriction of access) to be implemented quickly while still being reviewed, approved, and recorded, rather than applied outside of change control.

In summary, the correct sequence of actions that the information security manager should take when a critical risk is identified in a vital business application is:

  1. Confirm the risk with the business owner.
  2. Report the business risk to senior management.
  3. Update the risk register.
  4. Create an emergency change request if required.