Certified Information Security Manager (CISM) — Question 921
During a post-incident review, it was determined that a known vulnerability was exploited in order to gain access to a system. The vulnerability was patched as part of the remediation on the offending system. Which of the following should be done NEXT?
Answer options
- A. Scan to determine whether the vulnerability is present on other systems.
- B. Review the vulnerability management process.
- C. Install patches on all existing systems.
- D. Report the root cause of the vulnerability to senior management.
Correct answer: A
Explanation
The next logical step is to scan other systems for the same vulnerability to confirm they are not also exposed. Reviewing the vulnerability management process and reporting the root cause to senior management are both important, but neither addresses the immediate risk that the same vulnerability poses elsewhere on the network. Installing patches on all systems is a broader action; identifying which systems are actually vulnerable comes first.