Certified Information Security Manager (CISM) — Question 1197

After a ransomware incident, an organization's systems were restored. Which of the following should be of MOST concern to the information security manager?

Answer options

• A. The service level agreement (SLA) was not met.
• B. The recovery time objective (RTO) was not met.
• C. The root cause was not identified.
• D. Notification to stakeholders was delayed.

Correct answer: C

Explanation

The most critical concern is that the root cause was not identified, as this could lead to future vulnerabilities and additional attacks. While not meeting the SLA or RTO, and delayed notifications are important, they are secondary to understanding how the incident occurred to prevent recurrence.