Certified Information Security Manager (CISM) — Question 295
An online trading company discovers that a network attack has penetrated the firewall. What should be the information security manager's FIRST response?
Answer options
- A. Evaluate the impact to the business.
- B. Examine firewall logs to identify the attacker.
- C. Notify the regulatory agency of the incident.
- D. Implement mitigating controls.
Correct answer: A
Explanation
The first step in responding to a security incident is to assess the impact on the business, because this allows informed decisions about further actions. Examining logs, notifying agencies, and implementing controls are all important, but they should follow the initial impact assessment, which establishes the severity of the incident and the response it requires.