Certified Information Security Manager (CISM) — Question 1127

An organization’s service desk has reported that a PC is displaying a message with the phrase "your personal files are encrypted." Which of the following should be done FIRST?

Answer options

• A. Analyze the compromised PC to determine the root cause.
• B. Isolate the compromised PC from the network.
• C. Meet with the security team to identify related assets.
• D. Update all security endpoints to the most current versions.

Correct answer: B

Explanation

The correct first step is to isolate the compromised PC from the network to prevent the spread of potential malware or ransomware to other devices. Analyzing the PC or meeting with the security team would be necessary later, but the immediate priority is to contain the threat. Updating security endpoints is also important but should occur after isolating the affected system.