Certified Information Security Manager (CISM) — Question 1170
A cloud application used by an organization is found to have a serious vulnerability. After assessing the risk, which of the following would be the information security manager's BEST course of action?
Answer options
- A. Instruct the vendor to conduct penetration testing.
- B. Suspend the connection to the application in the firewall.
- C. Initiate the organization’s incident response process.
- D. Report the situation to the business owner of the application.
Correct answer: D
Explanation
The best course of action is to report the situation to the business owner of the application, who needs to be aware of the risk and is the one who decides how to proceed. Conducting penetration testing and suspending the connection may become necessary later, but prompt communication with the business owner comes first for effective risk management. Initiating the incident response process could be premature if the business owner has not yet been informed.