In order to meet regulatory compliance objectives for the storage of PHI, vulnerability scans must be conducted on a continuous basis. The last completed scan of the network returned 5,682 possible vulnerabilities. The Chief Information Officer (CIO) would like to establish a remediation plan to resolve all known issues.
Which of the following is the BEST way to proceed?
A . Attempt to identify all false positives and exceptions, and then resolve all remaining items.
B . Hold off on additional scanning until the current list of vulnerabilities have been resolved.
C . Place assets that handle PHI in a sandbox environment, and then resolve all vulnerabilities.
D . Reduce the scan to items identified as critical in the asset inventory, and resolve these issues first.
Answer: D
Leave a Reply