Certified Information Security Manager (CISM) — Question 892
Which of the following should an information security manager do FIRST after identifying suspicious activity on a PC that is not in the organization's IT asset inventory?
Answer options
- A. Isolate the PC from the network.
- B. Perform a vulnerability scan.
- C. Determine why the PC is not included in the inventory.
- D. Reinforce information security training.
Correct answer: A
Explanation
The correct approach is to isolate the PC from the network to prevent any potential threat from spreading. Performing a vulnerability scan and determining why the PC is absent from the inventory come after the immediate risk is mitigated. Reinforcing information security training, while important, does not address the urgent need to secure the network from the suspicious PC.