Which of the following statements BEST describes this s…

A Chief Financial Officer (CFO) has raised concerns with the Chief Information Security Officer (CISO) because money has been spent on IT security infrastructure, but corporate assets are still found to be vulnerable. The business recently funded a patch management product and SOE hardening initiative. A third-party auditor reported findings against the business because some systems were missing patches. Which of the following statements BEST describes this situation?

A.
The CFO is at fault because they are responsible for patching the systems and have already been given patch management and SOE hardening products.

B.
The audit findings are invalid because remedial steps have already been applied to patch servers and the remediation takes time to complete.

C.
The CISO has not selected the correct controls and the audit findings should be assigned to them instead of the CFO.

D.
Security controls are generally never 100% effective and gaps should be explained to stakeholders and managed accordingly.


