Following an unsuccessful denial of service (DoS) attack, identified weaknesses should be:

Any weaknesses identified, even after an unsuccessful attack, should be tracked and reported until they are fully resolved. This ensures accountability, remediation, and prevention of future incidents. Ignoring or delaying action increases exposure to future threats.

“All vulnerabilities must be tracked, assigned for remediation, and closed out following proper documentation and validation.”

— CISM Review Manual 15th Edition, Chapter 4: Incident Management, Section: Remediation and Lessons Learned

ISACA’s guidance in the practice questions clearly recommends formal tracking and resolution of vulnerabilities as the best practice for ongoing security management.