Certified Information Security Manager (CISM) — Question 788
An organization has received complaints from users that some of their files have been encrypted. These users are receiving demands for money to decrypt the files. Which of the following would be the BEST course of action?
Answer options
- A. Isolate the affected systems.
- B. Conduct an impact assessment.
- C. Initiate incident response.
- D. Rebuild the affected systems.
Correct answer: C
Explanation
The best course of action is to initiate incident response, as this involves taking immediate steps to address and contain the threat. Isolating affected systems and conducting an impact assessment are important, but they are part of the broader incident response process. Rebuilding the affected systems is a last resort and does not address the immediate issue of the encryption attack.