Certified Information Security Manager (CISM) — Question 1121

A data loss prevention (DLP) tool has flagged personally identifiable information (PII) during transmission. Which of the following should the information security manager do FIRST?

Answer options

• A. Validate the scope and impact with the business process owner.
• B. Escalate the issue to senior management.
• C. Review and validate the rules within the DLP system.
• D. Initiate the incident response plan.

Correct answer: A

Explanation

The correct action is to validate the scope and impact with the business process owner, as this helps in understanding the context and severity of the situation before taking further steps. Escalating to senior management or initiating the incident response plan may be premature without first assessing the situation. Reviewing DLP rules is also important but should come after confirming the specifics with the business process owner.