Certified Information Security Manager (CISM) — Question 615
An information security manager has received confirmation that the organization's e-commerce website was breached, exposing customer information. What should be done FIRST?
Answer options
- A. Inform affected customers
- B. Perform a vulnerability assessment
- C. Execute the incident response plan
- D. Take the affected systems offline
Correct answer: C
Explanation
The first step in responding to a confirmed security breach is to execute the incident response plan, which provides a structured, pre-approved approach to managing the incident. Informing customers, performing a vulnerability assessment, and taking systems offline are all important actions, but they should be carried out as steps within the established response plan rather than ad hoc before it is invoked.