Certified Information Security Manager (CISM) — Question 852

Which of the following should be triggered FIRST when unknown malware has infected an organization's critical system?

Answer options

• A. Disaster recovery plan (DRP)
• B. Vulnerability management plan
• C. Incident response plan
• D. Business continuity plan (BCP)

Correct answer: C

Explanation

The correct answer is C, the Incident response plan, because it is designed to address and manage the immediate response to security incidents, including malware infections. The other options, while important, are not the first steps; the Disaster recovery plan (DRP) and Business continuity plan (BCP) focus on recovery and continuity after an incident, and the Vulnerability management plan is more about preventing future incidents.