Certified Information Security Manager (CISM) — Question 714

An online bank identifies a successful network attack in progress. The bank should FIRST:

Answer options

• A. report the root cause to the board of directors.
• B. isolate the affected network segment.
• C. shut down the entire network.
• D. assess whether personally identifiable information (PII) is compromised.

Correct answer: B

Explanation

The first step in responding to a network attack is to isolate the affected network segment to contain the threat and prevent further damage. Reporting to the board or shutting down the entire network may not be immediate priorities, and assessing PII compromise can follow after containment.