Certified Information Security Manager (CISM) — Question 832
A daily monitoring report reveals that an IT employee made a change to a firewall rule outside of the change control process. The information security manager's FIRST step in addressing the issue should be to:
Answer options
- A. perform an analysis of the change.
- B. report the event to senior management.
- C. require that the change be reversed.
- D. review the change management process.
Correct answer: A
Explanation
The correct first step is to perform an analysis of the change to understand its impact and the circumstances surrounding it. Reporting to senior management or reversing the change may be necessary later, but these actions should follow a thorough analysis. Reviewing the change management process is important, but it does not directly address the immediate issue at hand.