Certified Information Security Manager (CISM) — Question 263

An organization's outsourced firewall was poorly configured and allowed unauthorized access that resulted in downtime of 48 hours. Which of the following should be the information security manager's NEXT course of action?

Answer options

• A. Reconfigure the firewall in accordance with best practices.
• B. Obtain supporting evidence that the problem has been corrected.
• C. Seek damages from the service provider.
• D. Revisit the contract and improve accountability of the service provider.

Correct answer: B

Explanation

The correct answer is B because obtaining supporting evidence that the issue has been fixed is crucial for ensuring that the same problem does not recur. Simply reconfiguring the firewall or seeking damages does not address the immediate need to verify that the problem has been resolved. Revisiting the contract may improve future accountability, but it does not rectify the current situation.