Certified Information Security Manager (CISM) — Question 173
Which of the following should an information security manager do FIRST when informed that customer data has been breached within a third-party vendor's environment?
Answer options
- A. Communicate the breach to leadership.
- B. Request and verify evidence of the breach.
- C. Notify the incident response team.
- D. Review vendor obligations in the contract.
Correct answer: B
Explanation
The correct answer is B because verifying evidence of the breach is crucial to understanding its scope and impact before taking further action. Communicating with leadership, notifying the incident response team, and reviewing vendor obligations are important, but they should come after the breach details are confirmed.