CompTIA CySA+ (CS0-001) — Question 2

Due to new regulations, a company has decided to institute an organizational vulnerability management program and assign the function to the security team.
Which of the following frameworks would BEST support the program? (Choose two.)

Answer options

Correct answer: B, D

Explanation

NIST publications (for example the NIST Cybersecurity Framework and SP 800-40, the guide to enterprise patch management) set out how to identify, prioritize, remediate and verify vulnerabilities, which is why NIST is the natural foundation for an organizational vulnerability management program. ITIL complements it from the IT service management side: its change, configuration and release management processes give the security team a controlled path for getting patches approved, scheduled, deployed and tracked, and its continual improvement practice keeps the program measured and refined over time. Together they cover both the security content of the program and the operational process needed to run it.