Certified Information Security Manager (CISM) — Question 50

An organization has concerns regarding a potential advanced persistent threat (APT). To ensure that the risk associated with this threat is appropriately managed, what should be the organization's FIRST action?

Answer options

Correct answer: D

Explanation

The first action should be to conduct an impact analysis to understand the potential effects of the APT on the organization and how severe they could be. This assessment is crucial before implementing controls, reporting to management, or initiating incident response, because it provides the information needed to make informed decisions about risk management.