Certified Information Security Manager (CISM) — Question 19

Which of the following is MOST important to do after a security incident has been verified?

Answer options

• A. Notify the appropriate law enforcement authorities of the incident.
• B. Follow the escalation process to inform key stakeholders.
• C. Prevent the incident from creating further damage to the organization.
• D. Contact forensic investigators to determine the root cause.

Correct answer: C

Explanation

Preventing the incident from causing further damage is the top priority as it helps to minimize the impact on the organization. While notifying law enforcement, informing stakeholders, and contacting forensic investigators are also important, they come after ensuring that the organization is secure and that the incident does not escalate.