Certified Information Security Manager (CISM) — Question 100
An employee is found to be using an external cloud storage service to share corporate information with a third-party consultant, which is against company policy.
Which of the following should be the information security manager's FIRST course of action?
Answer options
- A. Block access to the cloud storage service
- B. Determine the classification level of the information
- C. Seek business justification from the employee
- D. Inform higher management of a security breach
Correct answer: B
Explanation
The first step should be to determine the classification level of the information to understand its sensitivity and the potential impact of the breach. Blocking access, seeking justification, and informing management are all important, but they come after classifying the information, which is needed to assess the situation appropriately.