Certified in Risk and Information Systems Control (CRISC) — Question 775

An organization learns of a new ransomware attack affecting organizations worldwide. Which of the following should be done FIRST to reduce the likelihood of infection from the attack?

Answer options

• A. Verify the data backup process and confirm which backups are the most recent ones available.
• B. Identify systems that are vulnerable to being exploited by the attack.
• C. Confirm with the antivirus solution vendor whether the next update will detect the attack.
• D. Obtain approval for funding to purchase a cyber insurance plan.

Correct answer: B

Explanation

Identifying systems that are vulnerable to exploitation is crucial as it allows the organization to take immediate protective measures. Verifying backups, confirming antivirus updates, and seeking cyber insurance are all important steps, but they should follow the assessment of vulnerabilities to address the immediate risk effectively.