Certified Information Security Manager (CISM) — Question 1043

When multiple Internet intrusions on a server are detected, the PRIMARY concern of the information security manager should be to ensure:

Answer options

• A. the incident is reported to senior management.
• B. the integrity of evidence is preserved.
• C. the server is unplugged from power.
• D. forensic investigation software is loaded on the server.

Correct answer: B

Explanation

The correct answer is B because maintaining the integrity of evidence is crucial for any subsequent investigations and legal proceedings. While reporting to management (A) and unplugging the server (C) are important, they do not take precedence over preserving evidence. Loading forensic software (D) is also less critical than ensuring that the evidence remains intact.