Certified Information Security Manager (CISM) — Question 395

An incident response team has determined there is a need to isolate a system that is communicating with a known malicious host on the Internet. Which of the following stakeholders should be contacted FIRST?

Answer options

• A. The business owner
• B. Key customers
• C. Executive management
• D. System administrator

Correct answer: A

Explanation

The business owner should be contacted first because they have the authority and responsibility to make decisions regarding the system and its impact on the organization. Key customers, executive management, and system administrators may need to be informed later, but the business owner is essential for immediate action.