Certified Chief Information Security Officer (CCISO) — Question 130
When you develop your audit remediation plan, what is the MOST important criterion?
Answer options
- A. To validate the remediation process with the auditor.
- B. To validate that the cost of the remediation is less than the risk of the finding.
- C. To remediate half of the findings before the next audit.
- D. To remediate all of the findings before the next audit.
Correct answer: B
Explanation
The correct answer is B because the cost-benefit analysis of remediation ensures that the resources spent are justified by the risk mitigated. Options A, C, and D do not prioritize the financial implications of remediation, which is crucial for effective risk management.