Certified Information Systems Security Professional (CISSP) — Question 452
A colleague who recently left the organization asked a security professional for a copy of the organization's confidential incident management policy. Which of the following is the BEST response to this request?
Answer options
- A. Access the policy on a company-issued device and let the former colleague view the screen.
- B. E-mail the policy to the colleague as they were already part of the organization and familiar with it.
- C. Do not acknowledge receiving the request from the former colleague and ignore them.
- D. Submit the request using company official channels to ensure the policy is okay to distribute.
Correct answer: D
Explanation
The best response is to submit the request through official company channels to confirm whether the policy can be shared, because doing so maintains compliance with organizational policies. Letting the former employee view the policy or emailing it directly could violate confidentiality agreements. Ignoring the request is neither professional nor compliant.