Certified Information Security Manager (CISM) — Question 1151
Which of the following should an organization do FIRST upon learning that a subsidiary is located in a country where civil unrest has just begun?
Answer options
- A. Invoke the incident response plan.
- B. Assess changes in the risk profile.
- C. Conduct security awareness training.
- D. Activate the disaster recovery plan (DRP).
Correct answer: B
Explanation
The correct answer is B because assessing changes in the risk profile allows the organization to understand the potential impact of the civil unrest on its operations and employees. Options A, C, and D are reactive measures that should be considered only after a thorough risk assessment has been conducted to determine the appropriate response.