cism video for during a risk assessment for a newly acquired subsidiary, the information security manager discovers that the subsidiary's infrastructure relies
During a risk assessment for a newly acquired subsidiary, the information security manager discovers that the subsidiary's infrastructure relies heavily on outdated systems with multiple unpatched vulnerabilities. However, the subsidiary's systems are critical for day-to-day operations. What should be the manager's first priority in managing these risks?