CISM - Information Security Risk Management - Section 2.2

Conduct vulnerability and control deficiency analysis to identify gaps in the security posture.

Conduct vulnerability assessments and gap analysis to identify control deficiencies and weaknesses in the organisation's security posture. Use findings from penetration testing alongside gap analysis results to prioritise remediation and strengthen the overall control environment.

Vulnerability assessment, Control gaps, Gap analysis, Penetration testing

Examworthy is not affiliated with or endorsed by ISACA. Original, blueprint-aligned practice material only.