ISACA Exam Questions

After identifying potential security vulnerabilities, what should be the IS auditor’s next step?

A. To evaluate potential countermeasures and compensatory controls

B. To implement effective countermeasures and compensatory controls

C. To perform a business impact analysis of the threats that would exploit the vulnerabilities

D. To immediately advise senior management of the findings

Explanation:
After identifying potential security vulnerabilities, the IS auditor’s next step is to perform a business impact analysis of the threats that would exploit the vulnerabilities.