CISM Certified Information Security Manager – Question1262

An information security manager determines the organization's critical systems may be vulnerable to a new zero-day attack. The FIRST course of action is to:

A.
advise management of risk and remediation cost.
B. analyze the probability of compromise.
C. survey peer organizations to see how they have addressed the issue.
D. re-assess the firewall configuration.

Correct Answer: B