Certified Information Security Manager (CISM) — Question 519

Which of the following BEST indicates an effective vulnerability management program?

Answer options

• A. Security incidents are reported in a timely manner.
• B. Threats are identified accurately.
• C. Controls are managed proactively.
• D. Risks are managed within acceptable limits.

Correct answer: D

Explanation

The correct answer, D, highlights the importance of managing risks within acceptable thresholds, which is a primary goal of a vulnerability management program. While options A, B, and C are important aspects of security, they do not directly reflect the effectiveness of managing vulnerabilities in relation to overall risk management.