Certified Information Security Manager (CISM) — Question 448
An organization's information security manager reads on social media that a recently purchased vendor product has been compromised and customer data has been posted online. What should the information security manager do FIRST?
Answer options
- A. Activate the incident response program
- B. Validate the risk to the organization
- C. Perform a business impact analysis (BIA)
- D. Notify local law enforcement agencies of a breach
Correct answer: B
Explanation
The information security manager should first validate the risk to the organization: an unverified social media report needs to be confirmed, and the extent and severity of the compromise understood, before the appropriate response can be determined. Activating the incident response program or notifying law enforcement may be necessary later, but without validating the risk these actions may be premature. A business impact analysis (BIA) could follow, but it is not the immediate priority.