Certified Information Security Manager (CISM) — Question 433
A newly hired information security manager discovers that the cleanup of accounts for terminated employees happens only once a year. Which of the following should be the information security manager’s FIRST course of action?
Answer options
- A. Design and document a new process.
- B. Perform a risk assessment.
- C. Report the issue to senior management.
- D. Update the security policy.
Correct answer: B
Explanation
The correct answer is B because performing a risk assessment will help the manager identify the potential risks associated with the delayed cleanup of accounts, such as access for terminated employees remaining active for up to a year. This understanding is crucial before implementing any changes, as it provides a basis for prioritizing and justifying the need for new processes or policies. The other options, while important, should follow the risk assessment, since each depends on knowing the risk involved.