Certified in Risk and Information Systems Control (CRISC) — Question 1316

A user has contacted the risk practitioner regarding malware spreading laterally across the organization's corporate network. Which of the following is the risk practitioner's BEST course of action?

Answer options

• A. Update the risk register.
• B. Notify the cybersecurity incident response team.
• C. Perform a root cause analysis.
• D. Review all log files generated during the period of malicious activity.

Correct answer: B

Explanation

The best initial action for the risk practitioner is to notify the cybersecurity incident response team, as they are equipped to handle malware incidents and mitigate immediate threats. Updating the risk register, performing a root cause analysis, and reviewing log files are important but should come after the immediate threat is addressed.