Certified Information Security Manager (CISM) — Question 1097
Which of the following should be the FIRST consideration for an information security manager after a security incident has been confirmed?
Answer options
- A. Developing incident reporting criteria
- B. Executing containment procedures
- C. Restoring business operations
- D. Determining the root cause
Correct answer: B
Explanation
The correct answer is B: the immediate priority after confirming a security incident is to execute containment procedures to limit the impact and prevent further damage. Determining the root cause and restoring operations are important, but they should follow containment so that the situation is controlled first.