Certified Information Security Manager (CISM) — Question 1116
An intrusion prevention system (IPS) has reported a significant increase in the number of hacking attempts over the past month, though no systems have actually been compromised. Which of the following should the information security manager do FIRST?
Answer options
- A. Tune the IPS to address false positives.
- B. Report the increase in hacking attempts to senior management.
- C. Validate the events identified by the IPS.
- D. Update security awareness training.
Correct answer: C
Explanation
The correct answer is C: validating the events identified by the IPS is crucial to determining whether they are legitimate threats. If the alerts are false positives, tuning the IPS (option A) or reporting to senior management (option B) may not be necessary. Updating security awareness training (option D) is also important, but it should come after the legitimacy of the threats has been confirmed.