An employee is found to be using an external cloud storage service to share corporate information with a third-party consultant, which is against company policy. Which of the following should be the information security manager's FIRST course of action?
A. Determine the classification level of the information.
B. Seek business justification from the employee.
C. Block access to the cloud storage service.
D. Inform higher management a security breach.
A. Determine the classification level of the information.
B. Seek business justification from the employee.
C. Block access to the cloud storage service.
D. Inform higher management a security breach.