An IS auditor finds that a key Internet-facing system is vulnerable to attack and that patches are not available.
What should the auditor recommend be done FIRST?
A. Implement a new system that can be patched.
B. Implement additional firewalls to protect the system.
C. Decommission the server.
D. Evaluate the associated risk.
Answer: D
Explanation:
The first step in addressing a vulnerability is to evaluate the associated risk, which involves assessing the likelihood and impact of a potential exploit. Based on the risk assessment, the appropriate mitigation strategy can be determined, such as implementing a new system, adding firewalls, or decommissioning the server.
References: ISACA CISA Review Manual 27th Edition, page 280