CISM Certified Information Security Manager – Question1043

During an annual security review of an organization’s servers, it was found that the customer service team’s file server, which contains sensitive customer data, is accessible to all user IDs in the organization. Which of the following should the information security manager do FIRST?

A.
Report the situation to the data owner
B. Remove access privileges to the folder containing the data
C. Isolate the server from the network
D. Train the customer service team on properly controlling file permissions

Correct Answer: A