CISA Certified Information Systems Auditor – Question1085

An information security manager has discovered a potential security breach in a server that supports a critical business process. Which of the following should be the information security manager’s FIRST course of action?

A.
Validate that there has been an incident
B. Notify the business process owner
C. Shut down the server in an organized manner
D. Inform senior management of the incident

Correct Answer: A