Certified Information Security Manager (CISM) — Question 1049
Which of the following should an information security manager do FIRST upon learning of a new ransomware targeting a particular line of business?
Answer options
- A. Ensure backups are stored offsite.
- B. Conduct a disaster recovery test and address any gaps.
- C. Assess the potential impact to the organization.
- D. Conduct a vulnerability scan and remediate the findings.
Correct answer: C
Explanation
The correct answer is C. Before committing resources, the information security manager must determine whether and how the new ransomware affects the organization: which systems and data in the targeted line of business are exposed, how critical they are to operations, and what the financial, operational, and regulatory consequences of a successful attack would be. That impact assessment establishes the severity and scope of the threat and drives the priority and extent of any response. Options A and B (offsite backups and disaster recovery testing) are valuable recovery controls, but their urgency and required scope are only known once the impact has been assessed. Option D (vulnerability scanning and remediation) is a preventive measure that likewise should be targeted according to the assessed risk rather than performed before the exposure is understood.