CISM Certified Information Security Manager – Question1495

An information security manager has discovered a potential security breach in a server that supports a critical business process. Which of the following should be the information security manager's FIRST course of action?

A.
Shut down the server in an organized manner.
B. Validate that there has been an incident.
C. Inform senior management of the incident.
D. Notify the business process owner.

Correct Answer: B