A penetration test was conducted by an accredited third party.
Which of the following should be the information security manager’s FIRST course of action?
A . Ensure vulnerabilities found are resolved within acceptable timeframes.
B . Request funding needed to resolve the top vulnerabilities.
C . Report findings to senior management.
D . Ensure a risk assessment is performed to evaluate the findings.
Answer: D