Certified Information Security Manager (CISM) — Question 1113

An organization experienced a breach which was successfully contained and remediated. Based on industry regulations, the breach needs to be communicated externally. What should the information security manager do NEXT?

Answer options

• A. Refer to the privacy policy.
• B. Refer to the incident response plan.
• C. Send out a breach notification to all parties involved.
• D. Contact the board of directors.

Correct answer: B

Explanation

The correct answer is B because the incident response plan typically outlines the procedures for communicating breaches and ensuring compliance with regulations. Option A, referring to the privacy policy, may provide guidelines on data handling but doesn't specifically address breach communication. Option C suggests immediate notification, which could be part of the incident response but isn't the immediate next step without consulting the plan. Option D, contacting the board, may be necessary but is not the first action to take in addressing regulations related to the breach.