Certified Information Security Manager (CISM) — Question 685
An organization's information security manager is performing a post-incident review of a security incident in which the following events occurred:
✑ A bad actor broke into a business-critical FTP server by brute forcing an administrative password
✑ The third-party service provider hosting the server sent an automated alert message to the help desk, but was ignored
✑ The bad actor could not access the administrator console, but was exposed to encrypted data transferred to the server
✑ After three (3) hours, the bad actor deleted the FTP directory, causing incoming FTP attempts by legitimate customers to fail
Which of the following could have been prevented by conducting regular incident response testing?
Answer options
- A. Stolen data
- B. The server being compromised
- C. The brute force attack
- D. Ignored alert messages
Correct answer: D
Explanation
Regular incident response testing could have ensured that alert notifications were addressed promptly, potentially preventing the bad actor's access. While the other options indicate serious issues, they relate to the incident's impact rather than the response to alerts. Ignoring alerts directly contributed to the incident's escalation.