CISA Certified Information Systems Auditor – Question1932

Which of the following actions should an organization’s security policy require an employee to take upon finding a security breach?

A.
Report the incident to the manager immediately.
B. Inform IS audit management immediately.
C. Confirm the breach can be exploited.
D. Devise appropriate countermeasures.

Correct Answer: A