Certified Information Security Manager (CISM) — Question 730
Which of the following is an information security manager's BEST course of action when a threat intelligence report indicates a large number of ransomware attacks targeting the industry?
Answer options
- A. Assess the risk to the organization.
- B. Review the mitigating security controls.
- C. Notify staff members of the threat.
- D. Increase the frequency of system backups.
Correct answer: A
Explanation
The best initial action is to assess the risk to the organization in order to understand how vulnerable it is to such attacks. Reviewing security controls and notifying staff are important, but they come after understanding the specific risks the threat poses. Increasing backup frequency is a reactive measure that does not address the immediate need for risk evaluation.