You hired an external penetration test team to assess your company’s web sites. After receiving the penetration test report, which of the following should you conduct first?
A. Apply patches to mitigate vulnerabilities
B. Prepare a follow-up report for management review and decision
C. Take corrective actions for correction and improvement
D. Improve the performance and security of the web sites continuously
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is B. Prepare follow-up report for management review and decision.
Any corrective actions, improvement, or changes shall follow the change management process and get approval or authorized by the management as the management are accountable.