Certified Information Security Manager (CISM) — Question 1141
The results of a risk assessment for a potential network reconfiguration reveal a high likelihood of sensitive data being compromised. What is the information security manager's BEST course of action?
Answer options
- A. Seek an independent opinion to confirm the findings.
- B. Determine alignment with existing regulations.
- C. Report findings to key stakeholders.
- D. Recommend additional network segmentation.
Correct answer: C
Explanation
The best course of action is to report the findings to key stakeholders, who need to be aware of the risks in order to make informed decisions. Seeking an independent opinion (A) may delay action, while determining regulatory alignment (B) and recommending additional segmentation (D) are important but are less immediate priorities than communicating the risk to stakeholders.