10. Apply the correct response to the vulnerability (AC 2.3)

After a vulnerability has been identified, the next step an organisation needs to do, is decide how to deal with it. This is detailed in the answer above.

An example scenario of how it may look. A vulnerability test identifies a vulnerability due to outdated software. Relevant team gets notified of this. It is then their job to update the vulnerable software and retest to make sure the vulnerability is no more.

Another example scenario: Vulnerability test reveals that many of the employees within the organisation are susceptible to phishing attacks. The appropriate steps are carried out within the organisation as listed above. The security measure for this kind of vulnerability might be phishing specific training for the staff.

Previous9. Demonstrate the steps to be taken when a vulnerability has been identified (AC 2.2)Next11. Develop an appropriate communication to mitigate future vulnerabilities (AC 2.4)

Last updated 1 year ago