Certified Information Security Manager (CISM) — Question 890
An information security manager learns that business unit leaders are encouraging increased use of social media platforms to reach customers. Which of the following should be done FIRST to help mitigate the risk of confidential information being disclosed by employees on social media?
Answer options
- A. Establish an organization-wide social media policy.
- B. Develop sanctions for misuse of social media sites.
- C. Monitor social media sites visited by employees.
- D. Restrict social media access on corporate devices.
Correct answer: A
Explanation
The best first step is to establish an organization-wide social media policy, because it sets clear guidelines for employees on acceptable use and confidentiality standards. Developing sanctions, monitoring sites, and restricting access are important, but they should come after a policy is in place, since the policy provides the framework for those actions.