CISM Certified Information Security Manager – Question1451

Which of the following is a security manager’s FIRST priority after an organization’s critical system has been compromised?

A.
Implement improvements to prevent recurrence.
B. Restore the compromised system.
C. Preserve incident-related data.
D. Identify the malware that compromised the system.

Correct Answer: C