Certified Information Security Manager (CISM) — Question 373

Which of the following is an information security manager's BEST course of action when a potential business breach is discovered in a critical business system?

Answer options

• A. Update the incident response plan.
• B. Inform affected stakeholders.
• C. Inform IT management.
• D. Implement mitigating actions immediately.

Correct answer: B

Explanation

The best action is to inform affected stakeholders as they need to be aware of the breach and any potential impact on their operations. While updating the incident response plan, informing IT management, and implementing mitigating actions are important, they should follow the immediate notification to stakeholders who may be directly affected.