1 vote
An information security manager conducted a gap analysis, which revealed a 75% implementation of security controls for high-risk vulnerabilities, 90% for medium vulnerabilities, and 10% for low-risk vulnerabilities. To create a road map to close the identified gaps, the assurance team reviewed the likelihood of exploitation of each vulnerability and the business impact of each associated control.

To determine which controls to implement, which of the following is the MOST important to consider?

A. KPI
B. KRI
C. GRC
D. BIA

by User Fravolt (7.2k points)

1 Answer

7 votes

Final answer:

The MOST important factor to consider when determining which controls to implement in the road map to close identified gaps is the Business Impact Analysis (BIA).

Step-by-step explanation:

When determining which controls to implement in the road map to close the identified gaps, the MOST important factor to consider is the Business Impact Analysis (BIA).

The BIA assesses the potential impact of each vulnerability and associated control on the organization's operations, reputation, and financial stability. It takes into account factors such as the cost of implementing the control, the potential loss or damage if the vulnerability is exploited, and the organization's overall risk tolerance.

by User Vanlooverenkoen (7.9k points)