CISM Certified Information Security Manager – Question0588

An organization’s outsourced firewall was poorly configured and allowed unauthorized access that resulted in downtime of 48 hours. Which of the following should be the information security manager’s NEXT course of action?

A.
Reconfigure the firewall in accordance with best practices.
B. Obtain supporting evidence that the problem has been corrected.
C. Revisit the contract and improve accountability of the service provider.
D. Seek damages from the service provider.

Correct Answer: B