A security team is implementing a new vulnerability management program in an environment that has a historically poor security posture. The team is aware of issues patch management in the environment and expects a large number of findings.
Which of the following would be the MOST efficient way to increase the security posture of the organization in the shortest amount of time?
A . Create an SLA stating that remediation actions must occur within 30 days of discovery for all levels of vulnerabilities.
B . Incorporate prioritization levels into the remediation process and address critical findings first.
C . Create classification criteria for data residing on different servers and provide remediation only for servers housing sensitive data.
D . Implement a change control policy that allows the security team to quickly deploy patches in the production environment to reduce the risk of any vulnerabilities found.
Answer: B
Leave a Reply