Certified Information Security Manager (CISM) — Question 924

A security incident has been reported within an organization. When should an information security manager contact the information owner?

Answer options

• A. After the potential incident has been logged
• B. After the incident has been contained
• C. After the incident has been confirmed
• D. After the incident has been mitigated

Correct answer: C

Explanation

The correct answer is C because the information owner should be contacted after the incident has been confirmed to ensure they are aware of the situation and can take appropriate action. Contacting them before the incident is confirmed (options A and B) may lead to unnecessary alarm, and option D is too late as it implies the incident has already been resolved.