Certified Chief Information Security Officer (CCISO) — Question 76
A new CISO just started with a company and on the CISO's desk is the last complete Information Security Management audit report. The audit report is over two years old.
After reading it, what should be the new CISO's first priority?
Answer options
- A. Review the recommendations and follow up to see whether the audited changes were implemented
- B. Meet with the audit team to determine a timeline for corrections
- C. Have internal audit conduct another audit to see what has changed
- D. Contract with an external audit company to conduct an unbiased audit
Correct answer: C
Explanation
The correct answer is C. An audit report that is more than two years old describes a security posture that no longer exists: systems, staff, vendors, threats and regulatory obligations will all have changed since it was written, so its findings and recommendations cannot be trusted as a baseline. A fresh internal audit gives the incoming CISO a current, verifiable picture of the Information Security Management program before any remediation plan is built. Options A and B act on the stale findings (and option A also misplaces responsibility: audit reports findings, while management implements the fixes), so they risk spending effort on issues that have already been resolved or missing ones that have emerged since. Option D is a legitimate later step for independent assurance, but engaging an external firm is slower and costlier than using the internal audit function that already exists, and it does not address the immediate need for current information.