Certified Information Security Manager (CISM) — Question 1010
An information security team has confirmed that threat actors are taking advantage of a newly announced critical vulnerability within an application. Which of the following should be done FIRST?
Answer options
- A. Notify senior management.
- B. Prevent access to the application.
- C. Invoke the incident response plan.
- D. Install additional application controls.
Correct answer: C
Explanation
The correct course of action is to invoke the incident response plan (C), as this provides a structured approach to managing and mitigating the threat. Notifying senior management (A) and installing additional controls (D) are important but should follow the immediate response actions. Preventing access to the application (B) could be part of the response but does not address the need for a coordinated incident response.