Certified in Risk and Information Systems Control (CRISC) — Question 31

A risk practitioner discovers several key documents detailing the design of a product currently in development have been posted on the Internet. What should be the risk practitioner's FIRST course of action?

Answer options

• A. Perform a root cause analysis
• B. Conduct an immediate risk assessment
• C. Invoke the established incident response plan
• D. Inform internal audit

Correct answer: C

Explanation

The correct answer is C because activating the incident response plan allows for a structured approach to addressing the breach and securing sensitive information. Performing a root cause analysis (A) and conducting a risk assessment (B) are important steps but should occur after the immediate response is initiated. Informing internal audit (D) is also necessary but not the first action to take in response to a potential security incident.