Certified in Risk and Information Systems Control (CRISC) — Question 938
Which of the following is a risk practitioner’s BEST recommendation upon learning that an employee inadvertently disclosed sensitive data to a vendor?
Answer options
- A. Enroll the employee in additional security training.
- B. Invoke the incident response plan.
- C. Conduct an internal audit.
- D. Instruct the vendor to delete the data.
Correct answer: B
Explanation
The best response is to invoke the incident response plan (B), because it provides a structured, pre-agreed process for containing the disclosure, assessing its impact, and mitigating any potential damage. Enrolling the employee in additional security training (A) is helpful for preventing recurrence but does not address the immediate incident. Conducting an internal audit (C) may be necessary later but is not the first step in responding to the breach. Instructing the vendor to delete the data (D) is important, but it is a containment action that should be carried out as part of the larger incident response process rather than as an isolated step.