Certified Information Security Manager (CISM) — Question 110
An employee has just reported the loss of a personal mobile device containing corporate information. Which of the following should the information security manager do FIRST?
Answer options
- A. Initiate incident response.
- B. Initiate a device reset.
- C. Conduct a risk assessment.
- D. Disable remote access.
Correct answer: A
Explanation
Initiating incident response is the correct first action because it allows the organization to quickly address the potential breach of sensitive information. Initiating a device reset, conducting a risk assessment, and disabling remote access are all important, but they should follow the immediate response to the incident, which mitigates any possible data exposure.