Certified Information Systems Auditor (CISA) — Question 525

The operations team of an organization has reported an IS security attack. Which of the following should be the FIRST step for the security incident response team?

Answer options

• A. Report results to management.
• B. Document lessons learned.
• C. Perform a damage assessment.
• D. Prioritize resources for corrective action.

Correct answer: C

Explanation

The correct first step is to perform a damage assessment (C) to understand the extent of the attack and its impact. Reporting to management (A) and documenting lessons learned (B) are important but should come after assessing the damage. Prioritizing resources for corrective action (D) can only be effectively done once the damage has been evaluated.