Certified Information Security Manager (CISM) — Question 59

Which of the following is an information security manager's FIRST priority after a high-profile system has been compromised?

Answer options

• A. Implement improvements to prevent recurrence.
• B. Identify the malware that compromised the system.
• C. Restore the compromised system.
• D. Preserve incident-related data.

Correct answer: C

Explanation

The correct answer is C because restoring the compromised system is essential to bring operations back to normal. While identifying malware and preserving data are important, the immediate focus should be on system recovery to minimize downtime and service disruption.