Certified Information Security Manager (CISM) — Question 613
A health care organization's information security manager is notified of a possible breach of critical patient data involving a large volume of records. What should the information security manager do FIRST?
Answer options
- A. Notify health care regulators
- B. Escalate the breach to senior management
- C. Validate whether the breach occurred
- D. Assess the possible impact of the breach
Correct answer: C
Explanation
The first step in addressing a potential breach is to confirm whether it has actually occurred, making option C the correct choice. Without validating the breach, it's premature to notify regulators, escalate to management, or assess the impact, as these actions depend on the confirmation of the breach.