Scenario: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.
Which of the following is the FIRST action the CISO will perform after receiving the audit report?
A . Inform peer executives of the audit results
B . Validate gaps and accepts or dispute the audit findings
C . Create remediation plans to address program gaps
D . Determine if security policies and procedures are adequate
Answer: B