CISM Certified Information Security Manager – Question1507

An organization's security was compromised by outside attackers. The organization believed that the incident was resolved. After a few days, the IT staff is still noticing unusual network traffic. Which of the following is the BEST course of action to address this situation?

A.
Initiate the incident response process.
B. Identify potential incident impact.
C. Implement additional incident response monitoring tools.
D. Assess the level of the residual risk.

Correct Answer: D