Scenario: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified. The CISO has implemented remediation activities.
Which of the following is the MOST logical next step?
A . Validate the effectiveness of applied controls
B . Report the audit findings and remediation status to business stake holders
C . Validate security program resource requirements
D . Review security procedures to determine if they need modified according to findings
Answer: A