CompTIA CySA+ (CS0-001) — Question 126

Due to new regulations, a company has decided to institute an organizational vulnerability management program and assign the function to the security team.
Which of the following frameworks would BEST support the program? (Choose two.)

Answer options

• A. COBIT
• B. NIST
• C. ISO 27000 series
• D. ITIL
• E. COSO

Correct answer: B, D

Explanation

The NIST framework provides comprehensive guidelines for managing cybersecurity risks, making it an ideal choice for vulnerability management. ITIL also offers best practices for IT service management, which can enhance the organization's approach to handling vulnerabilities effectively. The other options, while valuable in different contexts, do not specifically focus on vulnerability management as directly as NIST and ITIL do.