Certified Information Security Manager (CISM) — Question 868

Which of the following should an information security manager do FIRST after learning through mass media of a data breach at the organization's hosted payroll service provider?

Answer options

• A. Validate the breach with the provider.
• B. Suspend the data exchange with the provider.
• C. Notify appropriate regulatory authorities of the breach.
• D. Initiate the business continuity plan (BCP).

Correct answer: A

Explanation

Validating the breach with the provider is essential to ascertain the accuracy of the information and understand its impact before taking further actions. Suspending the data exchange, notifying authorities, or initiating the BCP could be premature without confirming the details of the breach first.