Certified Information Security Manager (CISM) — Question 240
An organization that has outsourced its incident management capabilities just discovered a significant privacy breach by an unknown attacker. Which of the following is the MOST important action of the information security manager?
Answer options
- A. Follow the outsourcer's response plan
- B. Refer to the organization's response plan
- C. Notify the outsourcer of the privacy breach
- D. Alert the appropriate law enforcement authorities
Correct answer: B
Explanation
The most crucial step for the information security manager is to refer to the organization's response plan, as it is tailored to the company's specific needs and protocols. Following the outsourcer's response plan may not align with the organization's policies. While notifying the outsourcer and alerting law enforcement are both important, the priority should be to activate the organization's internal response procedures first.