Certified Information Security Manager (CISM) — Question 45
A security policy exception is leading to an unexpected increase in the number of alerts about suspicious Internet traffic on an organization's network. Which of the following is the BEST course of action?
Answer options
- A. Remove the rules that trigger the increased number of alerts.
- B. Present a risk analysis with recommendations to senior management.
- C. Update the risk register so that senior management is kept informed.
- D. Evaluate and update the enterprise network security architecture.
Correct answer: B
Explanation
The best action is to present a risk analysis with recommendations to senior management, because it addresses the root cause of the issue and provides a strategic approach to mitigate risks. Simply removing rules (A) may overlook underlying security needs; updating the risk register (C) does not address immediate concerns; and evaluating the architecture (D) is a broader task that may not provide immediate resolution.