Certified Information Security Manager (CISM) — Question 452
A serious vulnerability was detected in a business application that can be exploited by external attackers to compromise the system. What is the information security manager's BEST course of action?
Answer options
- A. Implement temporary remediation.
- B. Request an immediate shutdown of the application.
- C. Report the risk to the business application owner.
- D. Ask the business application owner to apply the fix immediately.
Correct answer: C
Explanation
The best action is to report the risk to the business application owner. The owner is accountable for the application and for the business risk it carries, so the decision on how to treat the vulnerability (patch now, apply a compensating control, accept a short-term exposure, or take the application offline) rests with them, informed by the information security manager's assessment of severity, exploitability and likely impact. Implementing a temporary remediation (A) or requesting an immediate shutdown (B) means the security manager is unilaterally changing a business system whose risk they do not own; either may disrupt the business and neither is a substitute for the owner's decision. Asking the owner to apply the fix immediately (D) presumes a treatment before the owner has assessed the risk and the change, including whether the fix can be applied without breaking the application. In practice the report should state the exposure clearly and recommend options, so that the owner can make an informed and timely decision.