CISM Certified Information Security Manager – Question1400

An organization has verified that its customer information was recently exposed. Which of the following is the FIRST step a security manager should take in this situation?

A.
Inform senior management.
B. Determine the extent of the compromise.
C. Report the incident to the authorities.
D. Communicate with the affected customers.

Correct Answer: B

Explanation:

Explanation: Before reporting to senior management, affected customers or the authorities, the extent of the exposure needs to be assessed.